diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index d6deb628636..e9e6dba295e 100644 --- a/.github/workflows/build-docker-images-for-testing.yml +++ b/.github/workflows/build-docker-images-for-testing.yml @@ -49,11 +49,11 @@ jobs: run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Build id: docker_build - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 timeout-minutes: 15 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: false diff --git a/.github/workflows/cancel-outdated-workflow-runs.yml b/.github/workflows/cancel-outdated-workflow-runs.yml index 59e70ac3dff..4ef9c49b00d 100644 --- a/.github/workflows/cancel-outdated-workflow-runs.yml +++ b/.github/workflows/cancel-outdated-workflow-runs.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 3 steps: - - uses: styfle/cancel-workflow-action@3155a141048f8f89c06b4cdae32e7853e97536bc # 0.13.0 + - uses: styfle/cancel-workflow-action@d07a454dad7609a92316b57b23c9ccfd4f59af66 # 0.13.1 with: workflow_id: 'integration-tests.yml,k8s-tests.yml,unit-tests.yml,validate_docs_build.yml,test-helm-chart.yml,ruff.yml,shellcheck.yml' access_token: ${{ github.token }} diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 2984c0ba370..ce84454ea15 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -22,7 +22,7 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: '24.14.0' # TODO: Renovate helper might not be needed here - needs to be fully tested diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index c845276d119..81ff6937944 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -92,7 +92,7 @@ jobs: # load docker images from build jobs - name: Load images from artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: built-docker-image pattern: built-docker-image-* diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index 47b4a0be692..ae991c744b3 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml @@ -16,16 +16,16 @@ jobs: # databases, broker and k8s are independent, so we don't need to test each combination # lastest k8s version (https://kubernetes.io/releases/) and the oldest officially supported version # are tested (https://kubernetes.io/releases/) - - k8s: 'v1.35.1' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose + - k8s: 'v1.35.2' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose os: debian - - k8s: '1.32.12' # renovate: datasource=custom.endoflife-oldest-maintained depName=kubernetes + - k8s: '1.33.9' # renovate: datasource=custom.endoflife-oldest-maintained depName=kubernetes os: debian steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Minikube - uses: manusa/actions-setup-minikube@8234275e0386fe1cdaf519d28c90f4f03fad89e4 # v2.15.0 + uses: manusa/actions-setup-minikube@96202dee4ae1c2f46a62fe197273aaf22b83f42d # v2.16.1 with: minikube version: 'v1.38.1' # renovate: datasource=github-releases depName=kubernetes/minikube kubernetes version: ${{ matrix.k8s }} @@ -38,7 +38,7 @@ jobs: minikube status - name: Load images from artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: built-docker-image pattern: built-docker-image-* diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 6e1055d2cb8..9d1671fd497 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Create Release id: create_release - uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 # v6.2.0 + uses: release-drafter/release-drafter@3a7fb5c85b80b1dda66e1ccb94009adbbd32fce3 # v7.0.0 with: version: ${{ inputs.version }} env: @@ -47,7 +47,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Load OAS files from artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: oas-* diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml index ca0ffa31c3f..72747c8deaa 100644 --- a/.github/workflows/release-x-manual-docker-containers.yml +++ b/.github/workflows/release-x-manual-docker-containers.yml @@ -52,7 +52,7 @@ jobs: run: echo "DOCKER_ORG=$(echo ${GITHUB_REPOSITORY%%/*} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - name: Login to DockerHub - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} @@ -64,12 +64,12 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 # we cannot set any tags here, those are set on the merged digest in release-x-manual-merge-container-digests.yml - name: Build and push images id: build - uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: false with: diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml index 8cb11fbb197..5a085d45931 100644 --- a/.github/workflows/release-x-manual-helm-chart.yml +++ b/.github/workflows/release-x-manual-helm-chart.yml @@ -77,7 +77,7 @@ jobs: echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV - name: Create release ${{ inputs.release_number }} - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 + uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1 with: name: '${{ inputs.release_number }} 🌈' tag_name: ${{ inputs.release_number }} diff --git a/.github/workflows/release-x-manual-merge-container-digests.yml b/.github/workflows/release-x-manual-merge-container-digests.yml index 425c24e7430..a6463f457d6 100644 --- a/.github/workflows/release-x-manual-merge-container-digests.yml +++ b/.github/workflows/release-x-manual-merge-container-digests.yml @@ -41,20 +41,20 @@ jobs: # only download digests for this image and this os - name: Download digests - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: ${{ runner.temp }}/digests pattern: digests-${{ matrix.docker-image}}-${{ matrix.os }}-* merge-multiple: true - name: Login to DockerHub - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 # the alpine and debian images are tagged with the os name - name: Create OS specific manifest list and push diff --git a/.github/workflows/release-x-manual-tag-as-latest.yml b/.github/workflows/release-x-manual-tag-as-latest.yml index 4852843adb5..e83aa96bb3f 100644 --- a/.github/workflows/release-x-manual-tag-as-latest.yml +++ b/.github/workflows/release-x-manual-tag-as-latest.yml @@ -37,13 +37,13 @@ jobs: run: echo "DOCKER_ORG=$(echo ${GITHUB_REPOSITORY%%/*} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - name: Login to DockerHub - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - name: Tag with latest tags run: | diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml index d75bcc5c0cc..0c2b94e5198 100644 --- a/.github/workflows/renovate.yaml +++ b/.github/workflows/renovate.yaml @@ -18,7 +18,7 @@ jobs: persist-credentials: false - name: validate - uses: suzuki-shunsuke/github-action-renovate-config-validator@ca480cb7ec89a9e1cd8c214ad33bda1617184027 # v2.0.0 + uses: suzuki-shunsuke/github-action-renovate-config-validator@ee9f69e1f683ed0d08225086482b34fc9abe9300 # v2.1.0 with: strict: "true" - validator_version: 43.31.7 # renovate: datasource=github-releases depName=renovatebot/renovate + validator_version: 43.76.4 # renovate: datasource=github-releases depName=renovatebot/renovate diff --git a/.github/workflows/rest-framework-tests.yml b/.github/workflows/rest-framework-tests.yml index 0065cc6675f..90127f2dc54 100644 --- a/.github/workflows/rest-framework-tests.yml +++ b/.github/workflows/rest-framework-tests.yml @@ -33,7 +33,7 @@ jobs: # load docker images from build jobs - name: Load images from artifacts - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: path: built-docker-image pattern: built-docker-image-* diff --git a/.github/workflows/update-sample-data.yml b/.github/workflows/update-sample-data.yml index f976a843cf0..525e892b605 100644 --- a/.github/workflows/update-sample-data.yml +++ b/.github/workflows/update-sample-data.yml @@ -24,7 +24,7 @@ jobs: run: | scripts/fixture-updater.py dojo/fixtures/defect_dojo_sample_data.json mv output.json dojo/fixtures/defect_dojo_sample_data.json - ./fixture-updater dojo/fixtures/defect_dojo_sample_data_locations.json + scripts/fixture-updater.py dojo/fixtures/defect_dojo_sample_data_locations.json mv output.json dojo/fixtures/defect_dojo_sample_data_locations.json - name: Configure git diff --git a/.github/workflows/validate_docs_build.yml b/.github/workflows/validate_docs_build.yml index 2583be524f6..93849bd13f1 100644 --- a/.github/workflows/validate_docs_build.yml +++ b/.github/workflows/validate_docs_build.yml @@ -17,7 +17,7 @@ jobs: extended: true - name: Setup Node - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: '24.14.0' # TODO: Renovate helper might not be needed here - needs to be fully tested diff --git a/Dockerfile.django-alpine b/Dockerfile.django-alpine index 407d01f9ebd..f5b7c07ac9a 100644 --- a/Dockerfile.django-alpine +++ b/Dockerfile.django-alpine @@ -77,7 +77,7 @@ COPY \ docker/reach_broker.sh \ docker/certs/* \ / -COPY wsgi.py manage.py ./ +COPY manage.py ./ COPY dojo/ ./dojo/ # Add extra fixtures to docker image which are loaded by the initializer diff --git a/Dockerfile.django-debian b/Dockerfile.django-debian index d6eed3bce3b..060f3870f43 100644 --- a/Dockerfile.django-debian +++ b/Dockerfile.django-debian @@ -5,7 +5,7 @@ # Dockerfile.nginx to use the caching mechanism of Docker. # Ref: https://devguide.python.org/#branchstatus -FROM python:3.13.12-slim-trixie@sha256:f50f56f1471fc430b394ee75fc826be2d212e35d85ed1171ac79abbba485dce9 AS base +FROM python:3.13.12-slim-trixie@sha256:8bc60ca09afaa8ea0d6d1220bde073bacfedd66a4bf8129cbdc8ef0e16c8a952 AS base FROM base AS build WORKDIR /app RUN \ @@ -80,7 +80,7 @@ COPY \ docker/reach_broker.sh \ docker/certs/* \ / -COPY wsgi.py manage.py ./ +COPY manage.py ./ COPY dojo/ ./dojo/ # Add extra fixtures to docker image which are loaded by the initializer diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian index dee46e7e201..ad9e816abf5 100644 --- a/Dockerfile.integration-tests-debian +++ b/Dockerfile.integration-tests-debian @@ -3,7 +3,7 @@ FROM openapitools/openapi-generator-cli:v7.20.0@sha256:fa4add01856e44becf70674164df354d61bd37ba0f444d27be949801e013921b AS openapitools # currently only supports x64, no arm yet due to chrome and selenium dependencies -FROM python:3.13.12-slim-trixie@sha256:f50f56f1471fc430b394ee75fc826be2d212e35d85ed1171ac79abbba485dce9 AS build +FROM python:3.13.12-slim-trixie@sha256:8bc60ca09afaa8ea0d6d1220bde073bacfedd66a4bf8129cbdc8ef0e16c8a952 AS build WORKDIR /app RUN \ apt-get -y update && \ diff --git a/components/package.json b/components/package.json index 9ab5bc6d90e..6b3989ffc93 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.56.2", + "version": "2.57.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/docker-compose.override.dev.yml b/docker-compose.override.dev.yml index 0e694ade4d2..409de9f5d69 100644 --- a/docker-compose.override.dev.yml +++ b/docker-compose.override.dev.yml @@ -72,7 +72,7 @@ services: protocol: tcp mode: host "webhook.endpoint": - image: mccutchen/go-httpbin:2.20.0@sha256:b1620821b6ff191d911629f87a720b88df5397c2554045f1cfb1ffde17c9b898 + image: mccutchen/go-httpbin:2.21.0@sha256:809250d14e94397f4729f617931068a9ea048231fc1a11c9e3c7cb8c28bbab8d integration-tests: platform: "linux/amd64" profiles: diff --git a/docker-compose.yml b/docker-compose.yml index 7a263ef1c06..66f7b0936a6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -120,7 +120,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings postgres: - image: postgres:18.2-alpine@sha256:035b9ab53cfa147d7202b61f5f7782b939ae815b7d6bc81c96b7b42ff1fca950 + image: postgres:18.3-alpine@sha256:4da1a4828be12604092fa55311276f08f9224a74a62dcb4708bd7439e2a03911 environment: PGDATA: /var/lib/postgresql/data POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo} @@ -129,7 +129,7 @@ services: volumes: - defectdojo_postgres:/var/lib/postgresql/data valkey: - image: valkey/valkey:7.2.12-alpine@sha256:32860ea506d2dde08333d1cca2bf28c46bc84e9654308eabf801f77548f72573 + image: valkey/valkey:9.0.3-alpine@sha256:84c96f47ebe197e635cd3ddbe3ab74e8bdf783cf3befbfb1c36387275c1cd5d5 volumes: # we keep using the redis volume as renaming is not possible and copying data over # would require steps during downtime or complex commands in the intializer diff --git a/docs/content/en/open_source/upgrading/2.57.md b/docs/content/en/open_source/upgrading/2.57.md new file mode 100644 index 00000000000..aeb39538930 --- /dev/null +++ b/docs/content/en/open_source/upgrading/2.57.md @@ -0,0 +1,7 @@ +--- +title: 'Upgrading to DefectDojo Version 2.57.x' +toc_hide: true +weight: -20260302 +description: No special instructions. +--- +There are no special instructions for upgrading to 2.57.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.57.0) for the contents of the release. diff --git a/docs/content/releases/os_upgrading/2.57.md b/docs/content/releases/os_upgrading/2.57.md new file mode 100644 index 00000000000..2c57c8ea755 --- /dev/null +++ b/docs/content/releases/os_upgrading/2.57.md @@ -0,0 +1,16 @@ +--- +title: "Upgrading to DefectDojo Version 2.57.x" +toc_hide: true +weight: -20570 +description: No special instructions. +--- + +## Upgrading to DefectDojo Version 2.57.x + +There are no special upgrade instructions for this release. + +## Release Notes + +### Bug Fixes + +- **Qualys Parser**: Fixed an issue where findings with the same QID but different ports were being collapsed into a single finding. Each QID+port combination now correctly gets its own endpoint, preserving port-level granularity without affecting finding titles or deduplication. ([#13682](https://github.com/DefectDojo/django-DefectDojo/issues/13682)) diff --git a/docs/content/supported_tools/parsers/file/iriusrisk.md b/docs/content/supported_tools/parsers/file/iriusrisk.md new file mode 100644 index 00000000000..eb5e3acdfc5 --- /dev/null +++ b/docs/content/supported_tools/parsers/file/iriusrisk.md @@ -0,0 +1,142 @@ +--- +title: "IriusRisk Threats Scan" +toc_hide: true +--- + +The [IriusRisk](https://www.iriusrisk.com/) parser for DefectDojo supports imports from CSV format. This document details the parsing of IriusRisk threat model CSV exports into DefectDojo field mappings, unmapped fields, and transformation notes for easier troubleshooting and analysis. + +## Supported File Types + +The IriusRisk parser accepts CSV file format. To generate this file from IriusRisk: + +1. Log into your IriusRisk console +2. Navigate to the project containing your threat model +3. Export the threats as CSV +4. Save the file with a `.csv` extension +5. Upload to DefectDojo using the "IriusRisk Threats Scan" scan type + +## Default Deduplication Hashcode Fields + +DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): + +- title +- component_name + +### Sample Scan Data + +Sample IriusRisk scans can be found in the [sample scan data folder](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/iriusrisk). + +## Link To Tool + +- [IriusRisk](https://www.iriusrisk.com/) +- [IriusRisk Documentation](https://support.iriusrisk.com/) + +## CSV Format (Threat Model Export) + +### Total Fields in CSV + +- Total data fields: 14 +- Total data fields parsed: 14 +- Total data fields NOT parsed: 0 + +### CSV Format Field Mapping Details + +
+Click to expand Field Mapping Table + +| Source Field | DefectDojo Field | Notes | +| ------------------------ | -------------------- | --------------------------------------------------------------------- | +| Threat | title | Truncated to 500 characters with "..." suffix if longer | +| Current Risk | severity | Mapped from IriusRisk risk levels to DefectDojo severity levels | +| Component | component_name | The affected asset or component from the threat model | +| Threat | description | Full threat text included as first line of structured description | +| Component | description | Included in structured description block | +| Use case | description | Threat category included in structured description | +| Source | description | Origin of the threat included in structured description | +| Inherent Risk | description | Pre-control risk level included in structured description | +| Current Risk | description | Current risk level included in structured description | +| Projected Risk | description | Post-mitigation risk level included in structured description | +| Countermeasure progress | description | Percentage complete included in structured description | +| Weakness tests | description | Test status included in structured description | +| Countermeasure tests | description | Test status included in structured description | +| Owner | description | Conditionally appended to description only when present | +| STRIDE-LM | description | Conditionally appended to description only when present | +| Risk Response | mitigation | Mitigation status percentages from IriusRisk | +| MITRE reference | cwe | When value matches CWE-NNN pattern, integer is extracted to cwe field | +| MITRE reference | references | When value does not match CWE pattern, stored as references | + +
+ +### Additional Finding Field Settings (CSV Format) + +
+Click to expand Additional Settings Table + +| Finding Field | Default Value | Notes | +| ---------------- | -------------------------------- | ----------------------------------------------------------- | +| static_finding | False | Threat model data is neither static nor dynamic analysis | +| dynamic_finding | False | Threat model data is neither static nor dynamic analysis | +| active | True (False when "Very low") | Set to False when Current Risk is "Very low" (fully mitigated) | + +
+ +## Special Processing Notes + +### Status Conversion + +IriusRisk uses a five-level risk scale that is mapped to DefectDojo severity levels: + +- `Critical` → Critical +- `High` → High +- `Medium` → Medium +- `Low` → Low +- `Very low` → Info + +Any unrecognized risk value defaults to Info. The mapping uses the "Current Risk" column, which reflects the risk level accounting for existing controls and represents the most accurate current exposure. + +### Title Format + +Finding titles are derived from the "Threat" column. Threat descriptions longer than 500 characters are truncated to 497 characters with a "..." suffix appended. Shorter threat texts are used as-is without modification. + +### Description Construction + +The parser constructs a structured markdown description containing all relevant CSV fields: + +1. Full threat text (untruncated, regardless of title truncation) +2. Component name +3. Use case (threat category, e.g., "Elevation of Privilege", "Networking") +4. Source (e.g., "Created by Rules Engine") +5. Inherent Risk (pre-control risk level) +6. Current Risk (risk with existing controls) +7. Projected Risk (risk after planned mitigations) +8. Countermeasure Progress (percentage complete) +9. Weakness Tests (test status) +10. Countermeasure Tests (test status) +11. Owner (conditionally included only when the field contains a value) +12. STRIDE-LM (conditionally included only when the field contains a value) + +Each field is formatted as a bold markdown label followed by the value, with fields separated by newlines. + +### MITRE Reference / CWE Extraction + +The parser reads the "MITRE reference" column and applies conditional mapping: + +- If the value matches the pattern `CWE-NNN` (e.g., "CWE-284"), the integer portion is extracted and set on the finding's `cwe` field. +- If the value is present but does not match the CWE pattern (e.g., "T1059" for a MITRE ATT&CK technique), the full value is stored in the finding's `references` field. +- If the column is empty, neither field is set. + +### Mitigation Construction + +The mitigation field is populated directly from the "Risk Response" column, which contains the IriusRisk mitigation status in the format: "Planned mitigation: X%. Mitigated: Y%. Unmitigated: Z%." This preserves the original IriusRisk mitigation tracking percentages. + +### Active/Inactive Logic + +Findings are set to active by default. When the "Current Risk" value is "Very low", the finding is set to inactive, as this indicates the threat has been fully mitigated through implemented countermeasures. + +### Deduplication + +Deduplication uses DefectDojo's hashcode algorithm with the title and component_name fields to identify duplicate findings. These stable fields ensure that reimports correctly match existing findings even when risk levels or countermeasure progress change between scans. + +### Duplicate Rows in Source Data + +IriusRisk CSV exports can contain multiple rows with the same Component and Threat but different Risk Response values. These represent distinct countermeasure paths for the same threat. Each row is imported as a separate finding, distinguished by its description content which incorporates all CSV fields. diff --git a/docs/content/supported_tools/parsers/file/orca_security.md b/docs/content/supported_tools/parsers/file/orca_security.md new file mode 100644 index 00000000000..2d9c290b1be --- /dev/null +++ b/docs/content/supported_tools/parsers/file/orca_security.md @@ -0,0 +1,170 @@ +--- +title: "Orca Security Alerts" +toc_hide: true +--- + +The [Orca Security](https://orca.security/) parser for DefectDojo supports imports from CSV and JSON formats. This document details the parsing of Orca Security alert exports into DefectDojo field mappings and unmapped fields. + +## Supported File Types + +The Orca Security parser accepts CSV and JSON file formats. To generate these files from Orca Security: + +1. Log into the Orca Security console +2. Navigate to the Alerts page +3. Apply desired filters (scope, severity, status) +4. Click "Export" and select either CSV or JSON format +5. Save the exported file +6. Upload to DefectDojo using the "Orca Security Alerts" scan type + +The parser auto-detects the format: files starting with `[` are treated as JSON, otherwise CSV. + +## Default Deduplication Hashcode Fields + +By default, DefectDojo identifies duplicate Findings using the [hashcode deduplication algorithm](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/) with the following fields: + +- title +- component_name + +### Sample Scan Data + +Sample Orca Security scans can be found in the [sample scan data folder](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/orca_security). + +## Link To Tool + +- [Orca Security](https://orca.security/) +- [Orca Security Documentation](https://docs.orcasecurity.io/) + +## CSV Format + +### Total Fields in CSV + +- Total data fields: 12 +- Total data fields parsed: 12 +- Total data fields NOT parsed: 0 + +### CSV Format Field Mapping Details + +
+Click to expand Field Mapping Table + +| Source Field | DefectDojo Field | Notes | +| ------------ | ---------------- | ----- | +| Title | title | Truncated at 500 characters with "..." suffix | +| OrcaScore | severity | Float mapped to severity string (see Severity Conversion) | +| OrcaScore | severity_justification | Stored as "OrcaScore: X.X" | +| Category | description | Included in structured markdown description | +| Inventory.Name | component_name | Cloud resource name | +| CloudAccount.Name | description | Included in description and used for dedup hash | +| Source | service | Orca resource identifier populates service field | +| Source | description | Also included in description | +| Status | active | "open" = active, all else = inactive | +| CreatedAt | date | ISO 8601 parsed to date object | +| LastSeen | description | Included in description | +| Labels | tags | JSON-encoded array parsed and stored as finding tags | + +
+ +### Additional Finding Field Settings (CSV Format) + +
+Click to expand Additional Settings Table + +| Finding Field | Default Value | Notes | +|---------------|---------------|-------| +| static_finding | True | CSPM scan data is static analysis | +| dynamic_finding | False | Not a dynamic/runtime scan | +| active | Varies | Based on Status field ("open" = True) | +| mitigation | Not set | Orca exports do not include remediation text | + +
+ +## JSON Format + +### Total Fields in JSON + +- Total data fields: 10 +- Total data fields parsed: 10 +- Total data fields NOT parsed: 0 + +### JSON Format Field Mapping Details + +
+Click to expand Field Mapping Table + +| Source Field | DefectDojo Field | Notes | +| ------------ | ---------------- | ----- | +| Title | title | Truncated at 500 characters with "..." suffix | +| OrcaScore | severity | Float mapped to severity string (see Severity Conversion) | +| OrcaScore | severity_justification | Stored as "OrcaScore: X.X" | +| Category | description | Included in structured markdown description | +| Inventory.Name | component_name | Nested object, cloud resource name | +| CloudAccount.Name | description | Nested object, included in description and dedup hash | +| Source | service | Orca resource identifier populates service field | +| Source | description | Also included in description | +| Status | active | "open" = active, all else = inactive | +| CreatedAt | date | ISO 8601 parsed to date object | +| LastSeen | description | Included in description | +| Labels | tags | Array of strings stored as finding tags | + +
+ +### Additional Finding Field Settings (JSON Format) + +
+Click to expand Additional Settings Table + +| Finding Field | Default Value | Notes | +|---------------|---------------|-------| +| static_finding | True | CSPM scan data is static analysis | +| dynamic_finding | False | Not a dynamic/runtime scan | +| active | Varies | Based on Status field ("open" = True) | +| mitigation | Not set | Orca exports do not include remediation text | + +
+ +## Special Processing Notes + +### Date Processing + +The parser uses `dateutil.parser.parse()` to handle ISO 8601 date formats from Orca Security exports. The datetime is converted to a date object using `.date()`. Invalid or missing date strings return `None`. + +### Severity Conversion + +OrcaScore (float 0-10) is converted to DefectDojo severity levels: +- `0` or missing → Info +- `0.1 - 3.9` → Low +- `4.0 - 6.9` → Medium +- `7.0 - 8.9` → High +- `9.0 - 10.0` → Critical + +The conversion uses `float()` with error handling — non-numeric values default to Info severity. + +### Severity Justification + +The OrcaScore is also stored in the `severity_justification` field as "OrcaScore: X.X". This preserves the original numeric score for reference while the severity field contains the mapped categorical value. + +### Description Construction + +The parser builds a structured markdown description from all available alert fields. Each field is formatted as a bold label followed by its value, separated by double newlines. Fields with empty values are omitted. The description includes: Title, Category, Source, Inventory name, Cloud Account name, Orca Score, Status, Created date, Last Seen date, and Labels. + +### Title Format + +Finding titles use the alert's Title field directly. Titles longer than 500 characters are truncated with a "..." suffix. Alerts with no title receive the default "Orca Security Alert". + +### Service Field + +The Source field from Orca Security populates the DefectDojo `service` field. This represents the cloud resource or service that generated the alert. + +### Mitigation Construction + +Orca Security CSV and JSON exports do not include remediation or mitigation text. The mitigation field is not populated by this parser. + +### Deduplication + +Deduplication uses the hashcode algorithm configured in `settings.dist.py` with the fields `title` and `component_name`. This ensures findings with the same alert title on the same resource are deduplicated across reimports. Each row/item in the export becomes one Finding with no internal deduplication. + +### Tags Handling + +Labels from Orca Security are stored as finding tags using the `unsaved_tags` field. This makes labels searchable and filterable in DefectDojo. + +In CSV format, the Labels column contains a JSON-encoded array of strings. The parser uses `json.loads()` to parse this embedded JSON. If parsing fails, the raw string is used as a single tag. In JSON format, Labels is a native array of strings. diff --git a/dojo/__init__.py b/dojo/__init__.py index ababffbc57a..1318229d526 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.56.2" +__version__ = "2.57.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" # noqa: RUF067 __docs__ = "https://documentation.defectdojo.com" # noqa: RUF067 diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index 981618a23d8..7f3fb7ed9a9 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py @@ -3008,6 +3008,11 @@ def validate(self, data): return data +class FindingVerifySerializer(serializers.Serializer): + note = serializers.CharField(required=False, allow_blank=True) + note_type = serializers.PrimaryKeyRelatedField(required=False, allow_null=True, queryset=Note_Type.objects.all()) + + class ReportGenerateOptionSerializer(serializers.Serializer): include_finding_notes = serializers.BooleanField(default=False) include_finding_images = serializers.BooleanField(default=False) diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index ffc07f5c1b0..c77927ce666 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py @@ -841,6 +841,8 @@ def download_proof(self, request, pk=None): ) # Get the path of the file in media root file_path = Path(settings.MEDIA_ROOT) / file_object.name + # NOTE: FileResponse takes ownership of closing the file handle when the response is closed. + # Explicitly register the closer to avoid potential resource leaks and satisfy static analyzers. file_handle = file_path.open("rb") # send file response = FileResponse( @@ -848,6 +850,8 @@ def download_proof(self, request, pk=None): content_type=mimetypes.guess_type(str(file_path))[0] or "application/octet-stream", status=status.HTTP_200_OK, ) + if hasattr(response, "_resource_closers"): + response._resource_closers.append(file_handle.close) response["Content-Length"] = file_object.size response[ "Content-Disposition" @@ -1088,6 +1092,32 @@ def close(self, request, pk=None): serialized_finding = serializers.FindingCloseSerializer(finding, context={"request": request}) return Response(serialized_finding.data) + @extend_schema( + methods=["POST"], + request=serializers.FindingVerifySerializer, + responses={status.HTTP_200_OK: serializers.FindingSerializer}, + ) + @action(detail=True, methods=["post"], permission_classes=(IsAuthenticated, permissions.UserHasFindingRelatedObjectPermission)) + def verify(self, request, pk=None): + finding = self.get_object() + + serializer = serializers.FindingVerifySerializer(data=request.data) + if not serializer.is_valid(): + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + + # Remove prefetched tags to keep queryset state in sync + finding.tags._remove_prefetched_objects() + + finding_helper.verify_finding( + finding=finding, + user=request.user, + note_entry=serializer.validated_data.get("note"), + note_type=serializer.validated_data.get("note_type"), + ) + + serialized_finding = serializers.FindingSerializer(finding, context={"request": request}) + return Response(serialized_finding.data) + @extend_schema( methods=["GET"], responses={status.HTTP_200_OK: serializers.TagSerializer}, diff --git a/dojo/engagement/views.py b/dojo/engagement/views.py index 4b48efcbd6e..1b94ace21f4 100644 --- a/dojo/engagement/views.py +++ b/dojo/engagement/views.py @@ -1578,9 +1578,10 @@ def download_risk_acceptance(request, eid, raid): # Ensure the risk acceptance is under the supplied engagement if not Engagement.objects.filter(risk_acceptance=risk_acceptance, id=eid).exists(): raise PermissionDenied - response = StreamingHttpResponse( - FileIterWrapper( - (Path(settings.MEDIA_ROOT) / risk_acceptance.path.name).open(mode="rb"))) + file_handle = (Path(settings.MEDIA_ROOT) / risk_acceptance.path.name).open(mode="rb") + response = StreamingHttpResponse(FileIterWrapper(file_handle)) + if hasattr(response, "_resource_closers"): + response._resource_closers.append(file_handle.close) response["Content-Disposition"] = f'attachment; filename="{risk_acceptance.filename()}"' mimetype, _encoding = mimetypes.guess_type(risk_acceptance.path.name) response["Content-Type"] = mimetype or "application/octet-stream" diff --git a/dojo/finding/deduplication.py b/dojo/finding/deduplication.py index 97b652d3fd6..33f89a16e58 100644 --- a/dojo/finding/deduplication.py +++ b/dojo/finding/deduplication.py @@ -32,6 +32,7 @@ def get_finding_models_for_deduplication(finding_ids): return list( Finding.objects.filter(id__in=finding_ids) + .only(*Finding.DEDUPLICATION_FIELDS) .select_related("test", "test__engagement", "test__engagement__product", "test__test_type") .prefetch_related( "endpoints", @@ -112,7 +113,37 @@ def deduplicate_uid_or_hash_code(new_finding): _dedupe_batch_uid_or_hash([new_finding]) -def set_duplicate(new_finding, existing_finding): +def set_duplicate(new_finding, existing_finding, *, save=True): + """ + Mark new_finding as a duplicate of existing_finding. + + Sets duplicate=True, active=False, verified=False, and duplicate_finding=existing_finding + on new_finding, then flattens any transitive duplicates: if any findings already point to + new_finding as their original, they are re-pointed directly to existing_finding (so the + duplicate chain never has more than one level of indirection). + + The test_type of new_finding is added to existing_finding.found_by if not already present. + + Args: + new_finding: The finding to mark as a duplicate. + existing_finding: The original finding that new_finding is a duplicate of. + Must not itself be a duplicate. + save: When True (default), each modified finding and existing_finding are + saved to the database immediately via super().save(skip_validation=True). + Pass save=False in batch contexts to defer persistence; the caller is + then responsible for bulk-saving the returned list and existing_finding. + + Returns: + A list of all Finding instances whose fields were modified by this call, including + new_finding itself and any transitively re-pointed findings. The caller must persist + these when save=False. + + Raises: + Exception: if existing_finding is itself a duplicate, if new_finding == existing_finding, + if marking would reopen a mitigated finding via a duplicate chain, or if + new_finding is already a duplicate and existing_finding is mitigated. + + """ deduplicationLogger.debug(f"new_finding.status(): {new_finding.id} {new_finding.status()}") deduplicationLogger.debug(f"existing_finding.status(): {existing_finding.id} {existing_finding.status()}") if existing_finding.duplicate: @@ -135,6 +166,8 @@ def set_duplicate(new_finding, existing_finding): new_finding.verified = False new_finding.duplicate_finding = existing_finding + all_modified = [new_finding] + # Make sure transitive duplication is flattened # if A -> B and B is made a duplicate of C here, afterwards: # A -> C and B -> C should be true @@ -143,7 +176,7 @@ def set_duplicate(new_finding, existing_finding): # order_by here to prevent bypassing the prefetch cache. for find in new_finding.original_finding.all(): new_finding.original_finding.remove(find) - set_duplicate(find, existing_finding) + all_modified.extend(set_duplicate(find, existing_finding, save=save)) # Only add test type to found_by if it is not already present. # This is efficient because `found_by` is prefetched for candidates via `build_dedupe_scope_queryset()`. test_type = getattr(getattr(new_finding, "test", None), "test_type", None) @@ -152,10 +185,14 @@ def set_duplicate(new_finding, existing_finding): # existing_finding.found_by.add(new_finding.test.test_type) - logger.debug("saving new finding: %d", new_finding.id) - super(Finding, new_finding).save(skip_validation=True) - logger.debug("saving existing finding: %d", existing_finding.id) - super(Finding, existing_finding).save(skip_validation=True) + if save: + for f in all_modified: + logger.debug("saving new finding: %d", f.id) + super(Finding, f).save(skip_validation=True) + logger.debug("saving existing finding: %d", existing_finding.id) + super(Finding, existing_finding).save(skip_validation=True) + + return all_modified def is_duplicate_reopen(new_finding, existing_finding) -> bool: @@ -315,6 +352,7 @@ def build_candidate_scope_queryset(test, mode="deduplication", service=None): return ( queryset + .defer(*Finding.DEDUPLICATION_DEFERRED_FIELDS) .select_related("test", "test__engagement", "test__test_type") .prefetch_related(*prefetch_list) ) @@ -658,50 +696,73 @@ def get_matches_from_legacy_candidates(new_finding, candidates_by_title, candida yield candidate +def _flush_duplicate_changes(modified_new_findings): + """ + Persist duplicate field changes collected during a batch deduplication run. + + Bulk-updates all modified new findings in one round-trip instead of one + save() call per finding. Uses bulk_update to bypass Django signals. + + Returns the list of modified findings so callers can perform any follow-up + processing (e.g. triggering prioritization) on the affected findings. + """ + if modified_new_findings: + Finding.objects.bulk_update( + modified_new_findings, + ["duplicate", "active", "verified", "duplicate_finding"], + ) + return modified_new_findings + + def _dedupe_batch_hash_code(findings): if not findings: - return + return [] test = findings[0].test candidates_by_hash = find_candidates_for_deduplication_hash(test, findings) if not candidates_by_hash: - return + return [] + modified_new_findings = [] for new_finding in findings: deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_HASH_CODE") for match in get_matches_from_hash_candidates(new_finding, candidates_by_hash): try: - set_duplicate(new_finding, match) + modified_new_findings.extend(set_duplicate(new_finding, match, save=False)) break except Exception as e: deduplicationLogger.debug(str(e)) + return _flush_duplicate_changes(modified_new_findings) def _dedupe_batch_unique_id(findings): if not findings: - return + return [] test = findings[0].test candidates_by_uid = find_candidates_for_deduplication_unique_id(test, findings) if not candidates_by_uid: - return + return [] + modified_new_findings = [] for new_finding in findings: deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL") for match in get_matches_from_unique_id_candidates(new_finding, candidates_by_uid): deduplicationLogger.debug(f"Trying to deduplicate finding {new_finding.id} against candidate {match.id}") try: - set_duplicate(new_finding, match) + modified_new_findings.extend(set_duplicate(new_finding, match, save=False)) deduplicationLogger.debug(f"Successfully deduplicated finding {new_finding.id} against candidate {match.id}") break except Exception as e: deduplicationLogger.debug(f"Exception when deduplicating finding {new_finding.id} against candidate {match.id}: {e!s}") + return _flush_duplicate_changes(modified_new_findings) def _dedupe_batch_uid_or_hash(findings): if not findings: - return + return [] test = findings[0].test candidates_by_uid, existing_by_hash = find_candidates_for_deduplication_uid_or_hash(test, findings) if not (candidates_by_uid or existing_by_hash): - return + return [] + modified_new_findings = [] for new_finding in findings: deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE") if new_finding.duplicate: @@ -709,27 +770,30 @@ def _dedupe_batch_uid_or_hash(findings): for match in get_matches_from_uid_or_hash_candidates(new_finding, candidates_by_uid, existing_by_hash): try: - set_duplicate(new_finding, match) + modified_new_findings.extend(set_duplicate(new_finding, match, save=False)) break except Exception as e: deduplicationLogger.debug(str(e)) + return _flush_duplicate_changes(modified_new_findings) def _dedupe_batch_legacy(findings): if not findings: - return + return [] test = findings[0].test candidates_by_title, candidates_by_cwe = find_candidates_for_deduplication_legacy(test, findings) if not (candidates_by_title or candidates_by_cwe): - return + return [] + modified_new_findings = [] for new_finding in findings: deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_LEGACY") for match in get_matches_from_legacy_candidates(new_finding, candidates_by_title, candidates_by_cwe): try: - set_duplicate(new_finding, match) + modified_new_findings.extend(set_duplicate(new_finding, match, save=False)) break except Exception as e: deduplicationLogger.debug(str(e)) + return _flush_duplicate_changes(modified_new_findings) def dedupe_batch_of_findings(findings, *args, **kwargs): @@ -742,7 +806,7 @@ def dedupe_batch_of_findings(findings, *args, **kwargs): if not findings: logger.debug("dedupe_batch_of_findings called with no findings") - return None + return [] enabled = System_Settings.objects.get().enable_deduplication @@ -755,16 +819,277 @@ def dedupe_batch_of_findings(findings, *args, **kwargs): if dedup_alg == settings.DEDUPE_ALGO_HASH_CODE: logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_HASH_CODE - {len(findings)} findings") - _dedupe_batch_hash_code(findings) - elif dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: + return _dedupe_batch_hash_code(findings) + if dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL - {len(findings)} findings") - _dedupe_batch_unique_id(findings) - elif dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: + return _dedupe_batch_unique_id(findings) + if dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE - {len(findings)} findings") - _dedupe_batch_uid_or_hash(findings) + return _dedupe_batch_uid_or_hash(findings) + logger.debug(f"deduplicating finding batch with LEGACY - {len(findings)} findings") + return _dedupe_batch_legacy(findings) + deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") + return [] + + +# --------------------------------------------------------------------------- +# False-positive history helpers +# --------------------------------------------------------------------------- + + +def _fp_candidates_qs(scope_filter, dedup_alg, findings, exclude_ids=None): + """ + Build and return a lazy QuerySet of existing findings that could be FP matches + for the given list of findings under the specified algorithm and scope. + + Single source of truth for the algorithm dispatch, shared between + match_finding_to_existing_findings (returns the QS directly for chaining) and + _fetch_fp_candidates_for_batch (evaluates it into a keyed dict). + + For the legacy algorithm, exclude_ids is intentionally ignored — this matches + the original match_finding_to_existing_findings behaviour. + """ + if dedup_alg == "hash_code": + hash_codes = {f.hash_code for f in findings if getattr(f, "hash_code", None)} + if not hash_codes: + return Finding.objects.none() + qs = Finding.objects.filter(**scope_filter, hash_code__in=hash_codes).exclude(hash_code=None) + if exclude_ids: + qs = qs.exclude(id__in=exclude_ids) + return qs.order_by("id") + + if dedup_alg == "unique_id_from_tool": + uids = {f.unique_id_from_tool for f in findings if getattr(f, "unique_id_from_tool", None)} + if not uids: + return Finding.objects.none() + qs = Finding.objects.filter(**scope_filter, unique_id_from_tool__in=uids).exclude(unique_id_from_tool=None) + if exclude_ids: + qs = qs.exclude(id__in=exclude_ids) + return qs.order_by("id") + + if dedup_alg == "unique_id_from_tool_or_hash_code": + hash_codes = {f.hash_code for f in findings if getattr(f, "hash_code", None)} + uids = {f.unique_id_from_tool for f in findings if getattr(f, "unique_id_from_tool", None)} + if not hash_codes and not uids: + return Finding.objects.none() + cond = Q() + if hash_codes: + cond |= Q(hash_code__isnull=False, hash_code__in=hash_codes) + if uids: + cond |= Q(unique_id_from_tool__isnull=False, unique_id_from_tool__in=uids) + qs = Finding.objects.filter(Q(**scope_filter)).filter(cond) + if exclude_ids: + qs = qs.exclude(id__in=exclude_ids) + return qs.order_by("id") + + if dedup_alg == "legacy": + pairs = { + (f.title, f.severity, Finding.get_numerical_severity(f.severity)) + for f in findings + if getattr(f, "title", None) + } + if not pairs: + return Finding.objects.none() + cond = Q() + for title, severity, num_sev in pairs: + cond |= Q(title__iexact=title, severity=severity, numerical_severity=num_sev) + # Legacy does not exclude by id — matches the original match_finding_to_existing_findings behaviour. + return Finding.objects.filter(**scope_filter).filter(cond).order_by("id") + + logger.error( + "FALSE_POSITIVE_HISTORY: unexpected deduplication_algorithm '%s', returning empty candidates", + dedup_alg, + ) + return Finding.objects.none() + + +def _fetch_fp_candidates_for_batch(findings, product, dedup_alg): + """ + Fetch all existing findings in the product that could be FP matches for a batch, + returning a dict keyed by match identifier for in-memory lookup. + + For unique_id_from_tool_or_hash_code the return value is a tuple (by_uid, by_hash). + For all other algorithms it is a plain dict. + """ + scope_filter = {"test__engagement__product": product} + exclude_ids = {f.id for f in findings if f.id} + qs = _fp_candidates_qs(scope_filter, dedup_alg, findings, exclude_ids).only( + # Keep this list in sync with every field read from candidate objects in this function. + # Accessing a field not listed here causes Django to issue an extra SELECT per object, + # silently negating the .only() optimisation. + "id", "false_p", "active", "hash_code", "unique_id_from_tool", "title", "severity", + ) + + if dedup_alg == "unique_id_from_tool_or_hash_code": + by_hash: dict = {} + by_uid: dict = {} + for ef in qs: + if ef.hash_code: + by_hash.setdefault(ef.hash_code, []).append(ef) + if ef.unique_id_from_tool: + by_uid.setdefault(ef.unique_id_from_tool, []).append(ef) + return by_uid, by_hash + + if dedup_alg == "hash_code": + result: dict = {} + for ef in qs: + result.setdefault(ef.hash_code, []).append(ef) + return result + + if dedup_alg == "unique_id_from_tool": + result = {} + for ef in qs: + result.setdefault(ef.unique_id_from_tool, []).append(ef) + return result + + if dedup_alg == "legacy": + result = {} + for ef in qs: + result.setdefault((ef.title.lower(), ef.severity), []).append(ef) + return result + + return {} + + +def do_false_positive_history_batch(findings): + """ + Batch version of do_false_positive_history. + + Processes a list of findings from the same product in a single DB round-trip + rather than one query per finding. All findings are expected to share the + same test (i.e. same deduplication_algorithm and same product), which is + guaranteed by both callers (post_process_findings_batch and bulk-edit). + + Args: + findings: list of :model:`dojo.Finding` instances + + """ + if not findings: + return + + system_settings = System_Settings.objects.get() + + product = findings[0].test.engagement.product + dedup_alg = findings[0].test.deduplication_algorithm + + # Fetch all candidate existing findings with one DB query + candidates = _fetch_fp_candidates_for_batch(findings, product, dedup_alg) + + to_mark_as_fp_ids: set = set() + + for finding in findings: + # Resolve candidate list(s) for this finding + if dedup_alg == "unique_id_from_tool_or_hash_code": + by_uid, by_hash = candidates # type: ignore[misc] + uid_matches = by_uid.get(finding.unique_id_from_tool, []) if finding.unique_id_from_tool else [] + hash_matches = by_hash.get(finding.hash_code, []) if finding.hash_code else [] + # Deduplicate by id while preserving both uid and hash matches + seen: dict = {} + for ef in uid_matches + hash_matches: + seen.setdefault(ef.id, ef) + existing = list(seen.values()) + elif dedup_alg == "hash_code": + existing = candidates.get(finding.hash_code, []) if finding.hash_code else [] + elif dedup_alg == "unique_id_from_tool": + existing = candidates.get(finding.unique_id_from_tool, []) if finding.unique_id_from_tool else [] + elif dedup_alg == "legacy": + key = (finding.title.lower(), finding.severity) if finding.title else None + existing = candidates.get(key, []) if key else [] else: - logger.debug(f"deduplicating finding batch with LEGACY - {len(findings)} findings") - _dedupe_batch_legacy(findings) + existing = [] + + existing_fps = [ef for ef in existing if ef.false_p] + + if existing_fps: + finding.false_p = True + if finding.id: + to_mark_as_fp_ids.add(finding.id) + + if system_settings.retroactive_false_positive_history and finding.false_p: + for ef in existing: + if ef.active and not ef.false_p: + to_mark_as_fp_ids.add(ef.id) + + if to_mark_as_fp_ids: + deduplicationLogger.debug( + "FALSE_POSITIVE_HISTORY (batch): marking %i finding(s) as false positive: %s", + len(to_mark_as_fp_ids), + sorted(to_mark_as_fp_ids), + ) + # QuerySet.update() bypasses Django signals — intentional as this code is called during (post) save processing. + # Note: .only() does not constrain update() — Django generates the UPDATE SQL independently. + Finding.objects.filter(id__in=to_mark_as_fp_ids).update(false_p=True, active=False, verified=False) + + +def do_false_positive_history(finding, *args, **kwargs): + """ + Replicate false positives across product. + + Mark finding as false positive if the same finding was previously marked + as false positive in the same product, beyond that, retroactively mark + all equal findings in the product as false positive (if they weren't already). + The retroactively replication will be also trigerred if the finding passed as + an argument already is a false positive. With this feature we can assure that + on each call of this method all findings in the product complies to the rule + (if one finding is a false positive, all equal findings in the same product also are). + + Args: + finding (:model:`dojo.Finding`): Finding to be replicated + + """ + do_false_positive_history_batch([finding]) + + +def match_finding_to_existing_findings(finding, product=None, engagement=None, test=None): + """ + Customizable lookup that returns all existing findings for a given finding. + + Takes one finding as an argument and returns all findings that are equal to it + on the same product, engagement or test. For now, only one custom filter can + be used, so you should choose between product, engagement or test. + The lookup is done based on the deduplication_algorithm of the given finding test. + + Args: + finding (:model:`dojo.Finding`): Finding to be matched + product (:model:`dojo.Product`, optional): Product to filter findings by + engagement (:model:`dojo.Engagement`, optional): Engagement to filter findings by + test (:model:`dojo.Test`, optional): Test to filter findings by + + """ + if product: + custom_filter_type = "product" + custom_filter = {"test__engagement__product": product} + + elif engagement: + custom_filter_type = "engagement" + custom_filter = {"test__engagement": engagement} + + elif test: + custom_filter_type = "test" + custom_filter = {"test": test} + else: - deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") - return None + msg = "No product, engagement or test provided as argument." + raise ValueError(msg) + + deduplication_algorithm = finding.test.deduplication_algorithm + + deduplicationLogger.debug( + "Matching finding %i:%s to existing findings in %s %s using %s as deduplication algorithm.", + finding.id, finding.title, custom_filter_type, list(custom_filter.values())[0], deduplication_algorithm, + ) + + if deduplication_algorithm == "legacy": + # This is the legacy reimport behavior. Although it's pretty flawed and + # doesn't match the legacy algorithm for deduplication, this is left as is for simplicity. + # Re-writing the legacy deduplication here would be complicated and counter-productive. + # If you have use cases going through this section, you're advised to create a deduplication configuration for your parser + logger.debug("Legacy dedupe. In case of issue, you're advised to create a deduplication configuration in order not to go through this section") + + exclude_ids = {finding.id} if finding.id else set() + qs = _fp_candidates_qs(custom_filter, deduplication_algorithm, [finding], exclude_ids=exclude_ids) + + if deduplication_algorithm == "unique_id_from_tool_or_hash_code": + deduplicationLogger.debug(qs.query) + + return qs diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index b390ff17be6..e7108078d2a 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -21,6 +21,8 @@ from dojo.finding.deduplication import ( dedupe_batch_of_findings, do_dedupe_finding_task_internal, + do_false_positive_history, + do_false_positive_history_batch, get_finding_models_for_deduplication, ) from dojo.jira_link.helper import is_keep_in_sync_with_jira @@ -46,7 +48,6 @@ from dojo.utils import ( calculate_grade, close_external_issue, - do_false_positive_history, get_current_user, get_object_or_none, mass_model_updater, @@ -501,8 +502,7 @@ def post_process_findings_batch( if system_settings.enable_deduplication: deduplicationLogger.warning("skipping false positive history because deduplication is also enabled") else: - for finding in findings: - do_false_positive_history(finding, *args, **kwargs) + do_false_positive_history_batch(findings) # Non-status changing tasks if issue_updater_option: @@ -1014,6 +1014,54 @@ def normalize_datetime(value): return value +def _create_note_if_provided( + finding, + note_entry, + *, + user=None, + note_type=None, + note_date=None, +): + """ + Create a note for the finding when content is provided. Returns the note or None. + Note author defaults to finding.last_reviewed_by + """ + if not note_entry: + return None + + new_note = Notes.objects.create( + entry=note_entry, + author=user or finding.last_reviewed_by, + note_type=note_type, + date=note_date, + ) + finding.notes.add(new_note) + return new_note + + +def _save_finding_with_jira_sync(finding, *, new_note=None): + """Persist finding and apply JIRA sync behavior used by finding status actions.""" + push_to_jira = False + finding_in_group = finding.has_finding_group + jira_issue_exists = finding.has_jira_issue or ( + finding.finding_group and finding.finding_group.has_jira_issue + ) + jira_instance = jira_helper.get_jira_instance(finding) + jira_project = jira_helper.get_jira_project(finding) + + if jira_issue_exists: + push_to_jira = ( + jira_helper.is_push_all_issues(finding) + or (jira_instance and jira_instance.finding_jira_sync) + ) + if new_note and (getattr(jira_project, "push_notes", False) or push_to_jira) and not finding_in_group: + jira_helper.add_comment(finding, new_note, force_push=True) + + finding.save(push_to_jira=(push_to_jira and not finding_in_group)) + if push_to_jira and finding_in_group: + jira_helper.push_to_jira(finding.finding_group) + + def close_finding( *, finding, @@ -1048,15 +1096,12 @@ def close_finding( finding.last_reviewed_by = user # Create note if provided - new_note = None - if note_entry: - new_note = Notes.objects.create( - entry=note_entry, - author=user, - note_type=note_type, - date=mitigated_date, - ) - finding.notes.add(new_note) + new_note = _create_note_if_provided( + finding, + note_entry, + note_type=note_type, + note_date=mitigated_date, + ) if settings.V3_FEATURE_LOCATIONS: # Related locations @@ -1078,26 +1123,7 @@ def close_finding( # External issues (best effort) close_external_issue(finding.id, "Closed by defectdojo", "github") - # JIRA sync - push_to_jira = False - finding_in_group = finding.has_finding_group - jira_issue_exists = finding.has_jira_issue or ( - finding.finding_group and finding.finding_group.has_jira_issue - ) - jira_instance = jira_helper.get_jira_instance(finding) - jira_project = jira_helper.get_jira_project(finding) - if jira_issue_exists: - push_to_jira = ( - jira_helper.is_push_all_issues(finding) - or (jira_instance and jira_instance.finding_jira_sync) - ) - if new_note and (getattr(jira_project, "push_notes", False) or push_to_jira) and not finding_in_group: - jira_helper.add_comment(finding, new_note, force_push=True) - - # Persist and push JIRA if applicable - finding.save(push_to_jira=(push_to_jira and not finding_in_group)) - if push_to_jira and finding_in_group: - jira_helper.push_to_jira(finding.finding_group) + _save_finding_with_jira_sync(finding, new_note=new_note) # Notification create_notification( @@ -1107,3 +1133,28 @@ def close_finding( description=f'The finding "{finding.title}" was closed by {user}', url=reverse("view_finding", args=(finding.id,)), ) + + +def verify_finding( + *, + finding, + user, + note_entry=None, + note_type=None, +) -> None: + """Shared verify logic used by UI and API.""" + verification_time = now() + + finding.verified = True + finding.last_reviewed = verification_time + finding.last_reviewed_by = user + finding.last_status_update = verification_time + + new_note = _create_note_if_provided( + finding, + note_entry, + note_type=note_type, + note_date=verification_time, + ) + + _save_finding_with_jira_sync(finding, new_note=new_note) diff --git a/dojo/finding/urls.py b/dojo/finding/urls.py index fa442df384c..75ab68303a4 100644 --- a/dojo/finding/urls.py +++ b/dojo/finding/urls.py @@ -142,6 +142,8 @@ name="choose_finding_template_options"), re_path(r"^finding/(?P\d+)/(?P\d+)/apply_template_to_finding$", views.apply_template_to_finding, name="apply_template_to_finding"), + re_path(r"^finding/(?P\d+)/verify$", views.verify_finding, + name="verify_finding"), re_path(r"^finding/(?P\d+)/close$", views.close_finding, name="close_finding"), re_path(r"^finding/(?P\d+)/defect_review$", diff --git a/dojo/finding/views.py b/dojo/finding/views.py index b361e402d96..f93ae8e28fb 100644 --- a/dojo/finding/views.py +++ b/dojo/finding/views.py @@ -50,6 +50,11 @@ TestImportFilter, TestImportFindingActionFilter, ) +from dojo.finding.deduplication import ( + _fetch_fp_candidates_for_batch, + do_false_positive_history_batch, + match_finding_to_existing_findings, +) from dojo.finding.queries import get_authorized_findings, get_authorized_findings_for_queryset, prefetch_for_findings from dojo.forms import ( ApplyFindingTemplateForm, @@ -112,14 +117,12 @@ add_field_errors_to_response, add_success_message_to_response, calculate_grade, - do_false_positive_history, get_page_items, get_page_items_and_count, get_return_url, get_system_setting, get_visible_scan_types, get_words_for_field, - match_finding_to_existing_findings, process_tag_notifications, redirect, redirect_to_return_url_or_else, @@ -880,26 +883,27 @@ def process_mitigated_data(self, request: HttpRequest, finding: Finding, context status.last_modified = timezone.now() status.save() - def process_false_positive_history(self, finding: Finding): + def process_false_positive_history(self, finding: Finding, *, old_false_p: bool = False): if get_system_setting("false_positive_history", False): # If the finding is being marked as a false positive we dont need to call the - # fp history function because it will be called by the save function - # If finding was a false positive and is being reactivated: retroactively reactivates all equal findings - if finding.false_p and not finding.false_p and get_system_setting("retroactive_false_positive_history"): + # fp history function because it will be called by the save function. + # If finding was a false positive and is being reactivated: retroactively reactivates all equal findings. + # old_false_p must be captured before form.save(commit=False) mutates the finding in place. + if old_false_p and not finding.false_p and get_system_setting("retroactive_false_positive_history"): logger.debug("FALSE_POSITIVE_HISTORY: Reactivating existing findings based on: %s", finding) - - existing_fp_findings = match_finding_to_existing_findings( + # QuerySet.update() bypasses Django signals, which is intentional here — it mirrors + # the previous save_no_options() calls that also disabled all post-save processing. + # match_finding_to_existing_findings returns a lazy QS with no .only() applied, + # so any field can be added here without needing a corresponding .only() change in deduplication.py#_fetch_fp_candidates_for_batch. + match_finding_to_existing_findings( finding, product=finding.test.engagement.product, - ).filter(false_p=True) - - for fp in existing_fp_findings: - logger.debug("FALSE_POSITIVE_HISTORY: Reactivating false positive %i: %s", fp.id, fp) - fp.active = finding.active - fp.verified = finding.verified - fp.false_p = False - fp.out_of_scope = finding.out_of_scope - fp.is_mitigated = finding.is_mitigated - fp.save_no_options() + ).filter(false_p=True).update( + false_p=False, + active=finding.active, + verified=finding.verified, + out_of_scope=finding.out_of_scope, + is_mitigated=finding.is_mitigated, + ) def process_burp_request_response(self, finding: Finding, context: dict): if "request" in context["form"].cleaned_data or "response" in context["form"].cleaned_data: @@ -919,6 +923,9 @@ def process_burp_request_response(self, finding: Finding, context: dict): def process_finding_form(self, request: HttpRequest, finding: Finding, context: dict): if context["form"].is_valid(): # process some of the easy stuff first + # Capture false_p before form.save(commit=False) mutates the finding in place, + # so process_false_positive_history can detect a false-positive → active transition. + old_false_p = finding.false_p new_finding = context["form"].save(commit=False) new_finding.test = finding.test new_finding.numerical_severity = Finding.get_numerical_severity(new_finding.severity) @@ -950,7 +957,7 @@ def process_finding_form(self, request: HttpRequest, finding: Finding, context: endpoint_status.delete() # Handle some of the other steps self.process_mitigated_data(request, new_finding, context) - self.process_false_positive_history(new_finding) + self.process_false_positive_history(new_finding, old_false_p=old_false_p) self.process_burp_request_response(new_finding, context) # Save the vulnerability IDs finding_helper.save_vulnerability_ids(new_finding, context["form"].cleaned_data["vulnerability_ids"].split()) @@ -1226,6 +1233,65 @@ def close_finding(request, fid): ) +@user_is_authorized(Finding, Permissions.Finding_Edit, "fid") +def verify_finding(request, fid): + finding = get_object_or_404(Finding, id=fid) + + if finding.verified: + messages.add_message( + request, + messages.INFO, + "Finding already verified.", + extra_tags="alert-info", + ) + return redirect_to_return_url_or_else( + request, + reverse("view_finding", args=(finding.id,)), + ) + + form = NoteForm(data=request.POST or None) + form.fields["entry"].required = False + form.fields["entry"].label = _("Comment (optional)") + + if request.method == "POST" and form.is_valid(): + entry = form.cleaned_data.get("entry", "") + finding_helper.verify_finding( + finding=finding, + user=request.user, + note_entry=entry, + ) + + messages.add_message( + request, + messages.SUCCESS, + "Finding verified.", + extra_tags="alert-success", + ) + + return redirect_to_return_url_or_else( + request, + reverse("view_finding", args=(finding.id,)), + ) + + product_tab = Product_Tab( + finding.test.engagement.product, + title="Verify Finding", + tab="findings", + ) + + return render( + request, + "dojo/verify_finding.html", + { + "finding": finding, + "product_tab": product_tab, + "user": request.user, + "form": form, + "active_tab": "findings", + }, + ) + + @user_is_authorized(Finding, Permissions.Finding_Edit, "fid") def defect_finding_review(request, fid): finding = get_object_or_404(Finding, id=fid) @@ -2699,6 +2765,10 @@ def _bulk_update_finding_status_and_severity(finds, form, request, system_settin actually_updated_count = 0 if form.cleaned_data["severity"] or form.cleaned_data["status"]: + # Accumulate findings for batched FP-history processing after the per-finding loop + fp_findings = [] # findings being marked as FP + reactivation_findings = [] # findings being un-FP'd (retroactive reactivation) + for find in finds: old_find = copy.deepcopy(find) @@ -2738,27 +2808,70 @@ def _bulk_update_finding_status_and_severity(finds, form, request, system_settin actually_updated_count += 1 if system_settings.false_positive_history: - # If finding is being marked as false positive if find.false_p: - do_false_positive_history(find) - - # If finding was a false positive and is being reactivated: retroactively reactivates all equal findings + fp_findings.append(find) elif old_find.false_p and not find.false_p: - if system_settings.retroactive_false_positive_history: - logger.debug("FALSE_POSITIVE_HISTORY: Reactivating existing findings based on: %s", find) - - existing_fp_findings = match_finding_to_existing_findings( - find, product=find.test.engagement.product, - ).filter(false_p=True) - - for fp in existing_fp_findings: - logger.debug("FALSE_POSITIVE_HISTORY: Reactivating false positive %i: %s", fp.id, fp) - fp.active = find.active - fp.verified = find.verified - fp.false_p = False - fp.out_of_scope = find.out_of_scope - fp.is_mitigated = find.is_mitigated - fp.save_no_options() + reactivation_findings.append(find) + + # --- Batch FP history: one DB query per (product, algorithm) group instead of one per finding --- + if system_settings.false_positive_history and fp_findings: + groups: dict = defaultdict(list) + for find in fp_findings: + groups[find.test.engagement.product_id, find.test.deduplication_algorithm].append(find) + for group_findings in groups.values(): + do_false_positive_history_batch(group_findings) + + # --- Batch retroactive reactivation --- + if ( + system_settings.false_positive_history + and system_settings.retroactive_false_positive_history + and reactivation_findings + ): + all_fp_ids_to_reactivate: set = set() + groups = defaultdict(list) + for find in reactivation_findings: + groups[find.test.engagement.product_id, find.test.deduplication_algorithm].append(find) + for (_, dedup_alg), group_findings in groups.items(): + product = group_findings[0].test.engagement.product + candidates = _fetch_fp_candidates_for_batch(group_findings, product, dedup_alg) + for find in group_findings: + if dedup_alg == "unique_id_from_tool_or_hash_code": + by_uid, by_hash = candidates + uid_matches = by_uid.get(find.unique_id_from_tool, []) if find.unique_id_from_tool else [] + hash_matches = by_hash.get(find.hash_code, []) if find.hash_code else [] + seen: dict = {} + for ef in uid_matches + hash_matches: + seen.setdefault(ef.id, ef) + existing = list(seen.values()) + elif dedup_alg == "hash_code": + existing = candidates.get(find.hash_code, []) if find.hash_code else [] + elif dedup_alg == "unique_id_from_tool": + existing = candidates.get(find.unique_id_from_tool, []) if find.unique_id_from_tool else [] + elif dedup_alg == "legacy": + lookup_key = (find.title.lower(), find.severity) if find.title else None + existing = candidates.get(lookup_key, []) if lookup_key else [] + else: + existing = [] + for ef in existing: + if ef.false_p: + all_fp_ids_to_reactivate.add(ef.id) + + if all_fp_ids_to_reactivate: + logger.debug( + "FALSE_POSITIVE_HISTORY: Reactivating %i finding(s): %s", + len(all_fp_ids_to_reactivate), + sorted(all_fp_ids_to_reactivate), + ) + # All reactivation findings received the same form values, so a single bulk update covers all. + # QuerySet.update() bypasses Django signals, which is intentional here — it mirrors + # the previous save_no_options() calls that also disabled all post-save processing. + Finding.objects.filter(id__in=all_fp_ids_to_reactivate).update( + false_p=False, + active=form.cleaned_data["active"], + verified=form.cleaned_data["verified"], + out_of_scope=form.cleaned_data["out_of_scope"], + is_mitigated=form.cleaned_data["is_mitigated"], + ) for prod in prods: calculate_grade(prod.id) diff --git a/dojo/fixtures/defect_dojo_sample_data.json b/dojo/fixtures/defect_dojo_sample_data.json index c673a6dcedb..bb1e0ada9ce 100644 --- a/dojo/fixtures/defect_dojo_sample_data.json +++ b/dojo/fixtures/defect_dojo_sample_data.json @@ -18,7 +18,7 @@ }, { "fields": { - "date_joined": "2022-07-06T07:59:51Z", + "date_joined": "2025-07-03T00:39:24Z", "email": "", "first_name": "", "groups": [], @@ -545,7 +545,7 @@ "fields": { "acronym": "HIPAA", "category": "medical", - "description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", + "description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy\u2013Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", "jurisdiction": "United States", "name": "Health Insurance Portability and Accountability Act", "reference": "http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act" @@ -569,9 +569,9 @@ "fields": { "acronym": "SOX", "category": "finance", - "description": "The Sarbanes–Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", + "description": "The Sarbanes\u2013Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", "jurisdiction": "United States", - "name": "Sarbanes–Oxley Act", + "name": "Sarbanes\u2013Oxley Act", "reference": "http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act" }, "model": "dojo.regulation", @@ -581,9 +581,9 @@ "fields": { "acronym": "GLBA", "category": "finance", - "description": "The Gramm–Leach–Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", + "description": "The Gramm\u2013Leach\u2013Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass\u2013Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm\u2013Leach\u2013Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", "jurisdiction": "United States", - "name": "Gramm–Leach–Bliley Act", + "name": "Gramm\u2013Leach\u2013Bliley Act", "reference": "http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act" }, "model": "dojo.regulation", @@ -678,7 +678,7 @@ "acronym": "GDPR", "category": "privacy", "description": "The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.\r\n\r\nSuperseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data's owner. The data owner has the right to revoke this permission at any time.", - "jurisdiction": "EU \u0026 EU Data Extra-Territorial Applicability", + "jurisdiction": "EU & EU Data Extra-Territorial Applicability", "name": "General Data Protection Regulation", "reference": "https://www.eugdpr.org/" }, @@ -2603,7 +2603,7 @@ "async_updating": false, "business_criticality": "high", "created": null, - "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", + "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable\u2014where the company enters money received\r\n* Accounts payable\u2014where the company enters its bills and pays money it owes\r\n* General ledger\u2014the company's \"books\"\r\n* Billing\u2014where the company produces invoices to clients/customers", "disable_sla_breach_notifications": false, "enable_full_risk_acceptance": true, "enable_product_tag_inheritance": false, @@ -2774,8 +2774,8 @@ "source_code_management_uri": null, "status": "In Progress", "tags": [], - "target_end": "2022-07-05", - "target_start": "2022-07-05", + "target_end": "2025-07-01", + "target_start": "2025-07-01", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -2821,8 +2821,8 @@ "source_code_management_uri": null, "status": "Completed", "tags": [], - "target_end": "2022-07-05", - "target_start": "2022-07-05", + "target_end": "2025-07-01", + "target_start": "2025-07-01", "test_strategy": "", "threat_model": true, "tmodel_path": "none", @@ -2868,8 +2868,8 @@ "source_code_management_uri": null, "status": "Completed", "tags": [], - "target_end": "2022-06-27", - "target_start": "2022-06-26", + "target_end": "2025-06-23", + "target_start": "2025-06-22", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -2915,8 +2915,8 @@ "source_code_management_uri": null, "status": "Completed", "tags": [], - "target_end": "2022-11-15", - "target_start": "2022-11-08", + "target_end": "2025-11-11", + "target_start": "2025-11-04", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -2964,8 +2964,8 @@ "tags": [ "pci" ], - "target_end": "2023-01-31", - "target_start": "2023-01-24", + "target_end": "2026-01-27", + "target_start": "2026-01-20", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -3009,8 +3009,8 @@ "source_code_management_uri": null, "status": "", "tags": [], - "target_end": "2022-11-08", - "target_start": "2022-11-08", + "target_end": "2025-11-04", + "target_start": "2025-11-04", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -3056,8 +3056,8 @@ "source_code_management_uri": null, "status": "Not Started", "tags": [], - "target_end": "2023-01-01", - "target_start": "2022-12-25", + "target_end": "2025-12-28", + "target_start": "2025-12-21", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -3105,8 +3105,8 @@ "tags": [ "pci" ], - "target_end": "2022-11-09", - "target_start": "2022-11-09", + "target_end": "2025-11-05", + "target_start": "2025-11-05", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -3152,8 +3152,8 @@ "source_code_management_uri": null, "status": "Blocked", "tags": [], - "target_end": "2023-01-07", - "target_start": "2023-01-04", + "target_end": "2026-01-03", + "target_start": "2025-12-31", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -3199,8 +3199,8 @@ "source_code_management_uri": "https://github.com/psiinon/bodgeit", "status": "Completed", "tags": [], - "target_end": "2022-11-16", - "target_start": "2022-11-09", + "target_end": "2025-11-12", + "target_start": "2025-11-05", "test_strategy": null, "threat_model": false, "tmodel_path": "none", @@ -3244,8 +3244,8 @@ "source_code_management_uri": null, "status": "In Progress", "tags": [], - "target_end": "2022-11-09", - "target_start": "2022-11-09", + "target_end": "2025-11-05", + "target_start": "2025-11-05", "test_strategy": null, "threat_model": false, "tmodel_path": "none", @@ -3645,8 +3645,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-03-04T00:00:00Z", - "target_start": "2022-02-23T00:00:00Z", + "target_end": "2025-02-28T16:39:33Z", + "target_start": "2025-02-19T16:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -3674,8 +3674,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-03-27T01:00:00Z", - "target_start": "2022-03-26T01:00:00Z", + "target_end": "2025-03-23T17:39:33Z", + "target_start": "2025-03-22T17:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -3701,8 +3701,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-03-04T00:00:00Z", - "target_start": "2022-02-23T00:00:00Z", + "target_end": "2025-02-28T16:39:33Z", + "target_start": "2025-02-19T16:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -3730,8 +3730,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-11-08T00:00:00Z", - "target_start": "2022-11-08T00:00:00Z", + "target_end": "2025-11-04T16:39:33Z", + "target_start": "2025-11-04T16:39:33Z", "test_type": 12, "title": null, "updated": "2022-11-10T06:00:41.489932529Z", @@ -3759,8 +3759,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-11-08T00:00:00Z", - "target_start": "2022-11-08T00:00:00Z", + "target_end": "2025-11-04T16:39:33Z", + "target_start": "2025-11-04T16:39:33Z", "test_type": 12, "title": null, "updated": "2022-11-10T06:02:36.065932529Z", @@ -3788,8 +3788,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2023-01-29T00:00:00Z", - "target_start": "2023-01-24T00:00:00Z", + "target_end": "2026-01-25T16:39:33Z", + "target_start": "2026-01-20T16:39:33Z", "test_type": 21, "title": null, "updated": "2022-11-10T06:25:44.929932529Z", @@ -3844,8 +3844,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2023-01-01T00:00:00Z", - "target_start": "2022-12-25T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 1, "title": null, "updated": "2022-11-10T06:42:20.027932529Z", @@ -3873,8 +3873,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2023-01-01T00:00:00Z", - "target_start": "2022-12-25T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 19, "title": null, "updated": "2022-11-10T06:42:34.336932529Z", @@ -3902,8 +3902,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2023-01-01T00:00:00Z", - "target_start": "2022-12-25T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 17, "title": null, "updated": "2022-11-10T06:42:52.637932529Z", @@ -3931,8 +3931,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2023-01-01T00:00:00Z", - "target_start": "2022-12-25T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 11, "title": null, "updated": "2022-11-10T06:43:12.741932529Z", @@ -3960,8 +3960,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-11-09T00:00:00Z", - "target_start": "2022-11-09T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 17, "title": null, "updated": "2022-11-11T03:43:46.740932529Z", @@ -3989,8 +3989,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-11-09T00:00:00Z", - "target_start": "2022-11-09T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 28, "title": null, "updated": "2022-11-11T03:45:17.376932529Z", @@ -4018,8 +4018,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-11-09T00:00:00Z", - "target_start": "2022-11-09T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 9, "title": null, "updated": "2022-11-11T03:46:28.443932529Z", @@ -4047,8 +4047,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2022-11-16T00:00:00Z", - "target_start": "2022-11-09T00:00:00Z", + "target_end": "2025-11-12T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 29, "title": null, "updated": "2022-11-11T03:53:34.915932529Z", @@ -4076,8 +4076,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2022-11-16T00:00:00Z", - "target_start": "2022-11-09T00:00:00Z", + "target_end": "2025-11-12T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 3, "title": null, "updated": "2022-11-11T03:53:46.425932529Z", @@ -4105,8 +4105,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-11-09T00:00:00Z", - "target_start": "2022-11-09T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 30, "title": null, "updated": "2022-11-11T04:06:28.960932529Z", @@ -4134,8 +4134,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2022-11-09T00:00:00Z", - "target_start": "2022-11-09T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 9, "title": null, "updated": "2022-11-11T07:42:16.411932529Z", @@ -4154,7 +4154,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": null, - "date": "2022-03-26", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -4208,7 +4208,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-04-25", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4237,7 +4237,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": null, - "date": "2022-03-26", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -4291,7 +4291,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-04-25", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4320,7 +4320,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": null, - "date": "2022-03-26", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -4374,7 +4374,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-04-25", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4403,7 +4403,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": null, - "date": "2022-03-26", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -4457,7 +4457,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-04-25", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4486,7 +4486,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": null, - "date": "2022-03-26", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -4540,7 +4540,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-04-25", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4569,7 +4569,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 1, - "date": "2022-03-25", + "date": "2025-03-21", "defect_review_requested_by": [ "product_manager" ], @@ -4623,7 +4623,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-04-24", + "sla_expiration_date": "2025-04-20", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4652,9 +4652,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4704,7 +4704,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4733,9 +4733,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4785,7 +4785,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4814,9 +4814,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 829, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4866,7 +4866,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4895,9 +4895,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4947,7 +4947,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4976,9 +4976,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5028,7 +5028,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5057,9 +5057,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5109,7 +5109,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5138,9 +5138,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5190,7 +5190,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5219,9 +5219,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5271,7 +5271,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5300,9 +5300,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5352,7 +5352,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5381,9 +5381,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 330, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5433,7 +5433,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5462,9 +5462,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5514,7 +5514,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5543,9 +5543,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5595,7 +5595,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5624,9 +5624,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5676,7 +5676,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5705,9 +5705,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 329, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5757,7 +5757,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5786,9 +5786,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 182, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5838,7 +5838,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5867,9 +5867,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 646, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5919,7 +5919,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5948,9 +5948,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6000,7 +6000,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6029,9 +6029,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6081,7 +6081,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6110,9 +6110,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 244, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6162,7 +6162,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6191,9 +6191,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 338, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6243,7 +6243,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6272,9 +6272,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 501, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6324,7 +6324,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6353,9 +6353,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6405,7 +6405,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6434,9 +6434,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 784, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6486,7 +6486,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6515,9 +6515,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6567,7 +6567,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6596,9 +6596,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6648,7 +6648,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6677,9 +6677,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6729,7 +6729,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6758,9 +6758,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6810,7 +6810,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6839,9 +6839,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6891,7 +6891,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6920,9 +6920,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6972,7 +6972,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7001,9 +7001,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 614, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7053,7 +7053,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7082,9 +7082,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7134,7 +7134,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7163,9 +7163,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7215,7 +7215,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7244,9 +7244,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7296,7 +7296,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7325,9 +7325,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7377,7 +7377,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7406,9 +7406,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7458,7 +7458,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7487,9 +7487,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7539,7 +7539,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7568,9 +7568,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7620,7 +7620,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7649,9 +7649,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7701,7 +7701,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7730,9 +7730,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7782,7 +7782,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7811,9 +7811,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7863,7 +7863,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7892,9 +7892,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 315, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7944,7 +7944,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7973,9 +7973,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8025,7 +8025,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8054,9 +8054,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8106,7 +8106,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8135,9 +8135,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8187,7 +8187,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8216,9 +8216,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8268,7 +8268,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8297,9 +8297,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8349,7 +8349,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8378,9 +8378,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 244, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8430,7 +8430,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8459,9 +8459,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8511,7 +8511,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8540,9 +8540,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 384, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8592,7 +8592,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8621,9 +8621,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8673,7 +8673,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8702,9 +8702,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8754,7 +8754,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8783,9 +8783,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8835,7 +8835,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8864,9 +8864,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8916,7 +8916,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8945,9 +8945,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8997,7 +8997,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9026,9 +9026,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9078,7 +9078,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9107,9 +9107,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9159,7 +9159,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9188,9 +9188,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9240,7 +9240,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9269,9 +9269,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9321,7 +9321,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9350,9 +9350,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9402,7 +9402,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9431,9 +9431,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9483,7 +9483,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9512,9 +9512,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9564,7 +9564,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9593,9 +9593,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9645,7 +9645,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9674,9 +9674,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 362, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\u003ctd align=\\\"right\\\"\u003e\" + nf.format(pricetopay) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9726,7 +9726,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9755,9 +9755,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9807,7 +9807,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9836,9 +9836,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9888,7 +9888,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9917,9 +9917,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9969,7 +9969,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9998,9 +9998,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 338, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10050,7 +10050,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10079,9 +10079,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10131,7 +10131,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10160,9 +10160,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10212,7 +10212,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10241,9 +10241,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10293,7 +10293,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10322,9 +10322,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10374,7 +10374,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10403,9 +10403,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10455,7 +10455,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10484,9 +10484,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 601, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10536,7 +10536,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10565,9 +10565,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10617,7 +10617,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10646,9 +10646,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10698,7 +10698,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10727,9 +10727,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 330, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10779,7 +10779,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10808,9 +10808,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 829, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10860,7 +10860,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10889,9 +10889,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\u003cscript\u003ealert(\\\"xss\\\")\u003c/script\u003e\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** \u003cb\u003eYou searched for:\u003c/b\u003e \u003c%= query %\u003e\u003cbr/\u003e\u003cbr/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10941,7 +10941,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10970,9 +10970,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 614, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11022,7 +11022,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11051,9 +11051,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11103,7 +11103,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11132,9 +11132,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 321, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11184,7 +11184,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11213,9 +11213,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 784, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11265,7 +11265,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11294,9 +11294,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11346,7 +11346,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11375,9 +11375,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11427,7 +11427,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11456,9 +11456,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 244, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11508,7 +11508,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11537,9 +11537,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11589,7 +11589,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11618,9 +11618,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11670,7 +11670,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11699,9 +11699,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11751,7 +11751,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11780,9 +11780,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11832,7 +11832,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11861,9 +11861,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11913,7 +11913,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11942,9 +11942,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11994,7 +11994,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12023,9 +12023,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 321, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12075,7 +12075,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12104,9 +12104,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12156,7 +12156,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12185,9 +12185,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12237,7 +12237,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12266,9 +12266,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12318,7 +12318,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12347,9 +12347,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12399,7 +12399,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12428,9 +12428,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12480,7 +12480,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12509,9 +12509,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12561,7 +12561,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12590,9 +12590,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12642,7 +12642,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12671,9 +12671,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12723,7 +12723,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12752,9 +12752,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12804,7 +12804,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12833,9 +12833,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 784, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12885,7 +12885,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12914,9 +12914,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12966,7 +12966,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12995,9 +12995,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 567, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13047,7 +13047,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13076,9 +13076,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13128,7 +13128,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13157,9 +13157,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13209,7 +13209,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13238,9 +13238,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13290,7 +13290,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13319,9 +13319,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 384, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13371,7 +13371,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13400,9 +13400,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13452,7 +13452,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13481,9 +13481,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13533,7 +13533,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13562,9 +13562,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13614,7 +13614,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13643,9 +13643,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13695,7 +13695,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13724,9 +13724,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13776,7 +13776,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13805,9 +13805,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13857,7 +13857,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13886,9 +13886,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13938,7 +13938,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13967,9 +13967,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14019,7 +14019,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14048,9 +14048,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14100,7 +14100,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14129,9 +14129,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 330, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14181,7 +14181,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14210,9 +14210,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14262,7 +14262,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14291,9 +14291,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14343,7 +14343,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14372,9 +14372,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 614, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14424,7 +14424,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14453,9 +14453,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14505,7 +14505,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14534,9 +14534,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 362, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\u003c/td\u003e\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14586,7 +14586,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14615,9 +14615,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14667,7 +14667,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14696,9 +14696,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14748,7 +14748,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14777,9 +14777,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 244, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14829,7 +14829,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14858,9 +14858,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14910,7 +14910,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14939,9 +14939,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14991,7 +14991,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15020,9 +15020,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15072,7 +15072,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15101,9 +15101,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 352, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15153,7 +15153,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15182,9 +15182,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15234,7 +15234,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15263,9 +15263,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15315,7 +15315,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15344,9 +15344,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15396,7 +15396,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15425,9 +15425,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15477,7 +15477,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15506,9 +15506,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 829, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15558,7 +15558,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15587,9 +15587,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15639,7 +15639,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15668,9 +15668,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15720,7 +15720,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15749,9 +15749,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15801,7 +15801,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15830,9 +15830,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15882,7 +15882,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15911,9 +15911,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15963,7 +15963,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15992,9 +15992,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16044,7 +16044,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16073,9 +16073,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 330, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16125,7 +16125,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16154,9 +16154,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16206,7 +16206,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16235,9 +16235,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16287,7 +16287,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16316,9 +16316,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16368,7 +16368,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16397,9 +16397,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 329, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16449,7 +16449,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16478,9 +16478,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 182, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16530,7 +16530,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16559,9 +16559,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 646, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16611,7 +16611,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16640,9 +16640,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16692,7 +16692,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16721,9 +16721,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16773,7 +16773,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16802,9 +16802,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 244, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16854,7 +16854,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16883,9 +16883,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 338, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16935,7 +16935,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16964,9 +16964,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 501, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17016,7 +17016,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17045,9 +17045,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17097,7 +17097,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17126,9 +17126,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 784, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17178,7 +17178,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17207,9 +17207,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17259,7 +17259,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17288,9 +17288,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17340,7 +17340,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17369,9 +17369,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17421,7 +17421,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17450,9 +17450,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17502,7 +17502,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17531,9 +17531,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17583,7 +17583,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17612,9 +17612,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17664,7 +17664,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17693,9 +17693,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 614, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17745,7 +17745,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17774,9 +17774,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17826,7 +17826,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17855,9 +17855,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17907,7 +17907,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17936,9 +17936,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17988,7 +17988,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18017,9 +18017,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18069,7 +18069,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18098,9 +18098,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18150,7 +18150,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18179,9 +18179,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18231,7 +18231,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18260,9 +18260,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18312,7 +18312,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18341,9 +18341,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18393,7 +18393,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18422,9 +18422,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18474,7 +18474,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18503,9 +18503,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18555,7 +18555,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18584,9 +18584,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 315, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18636,7 +18636,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18665,9 +18665,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18717,7 +18717,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18746,9 +18746,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18798,7 +18798,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18827,9 +18827,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18879,7 +18879,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18908,9 +18908,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18960,7 +18960,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18989,9 +18989,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19041,7 +19041,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19070,9 +19070,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 244, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19122,7 +19122,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19151,9 +19151,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19203,7 +19203,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19232,9 +19232,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 384, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19284,7 +19284,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19313,9 +19313,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19365,7 +19365,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19394,9 +19394,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19446,7 +19446,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19475,9 +19475,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19527,7 +19527,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19556,9 +19556,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19608,7 +19608,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19637,9 +19637,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19689,7 +19689,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19718,9 +19718,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19770,7 +19770,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19799,9 +19799,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19851,7 +19851,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19880,9 +19880,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19932,7 +19932,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19961,9 +19961,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20013,7 +20013,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20042,9 +20042,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20094,7 +20094,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20123,9 +20123,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20175,7 +20175,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20204,9 +20204,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20256,7 +20256,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20285,9 +20285,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20337,7 +20337,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20366,9 +20366,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 362, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\u003ctd align=\\\"right\\\"\u003e\" + nf.format(pricetopay) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20418,7 +20418,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20447,9 +20447,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20499,7 +20499,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20528,9 +20528,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20580,7 +20580,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20609,9 +20609,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20661,7 +20661,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20690,9 +20690,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 338, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20742,7 +20742,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20771,9 +20771,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20823,7 +20823,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20852,9 +20852,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20904,7 +20904,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20933,9 +20933,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20985,7 +20985,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21014,9 +21014,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21066,7 +21066,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21095,9 +21095,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21147,7 +21147,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21176,9 +21176,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 601, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21228,7 +21228,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21257,9 +21257,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21309,7 +21309,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21338,9 +21338,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21390,7 +21390,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21419,9 +21419,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 330, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21471,7 +21471,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21500,9 +21500,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 829, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21552,7 +21552,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21581,9 +21581,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\u003cscript\u003ealert(\\\"xss\\\")\u003c/script\u003e\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** \u003cb\u003eYou searched for:\u003c/b\u003e \u003c%= query %\u003e\u003cbr/\u003e\u003cbr/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21633,7 +21633,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21662,9 +21662,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 614, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21714,7 +21714,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21743,9 +21743,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21795,7 +21795,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21824,9 +21824,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 321, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21876,7 +21876,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21905,9 +21905,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 784, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21957,7 +21957,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21986,9 +21986,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22038,7 +22038,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22067,9 +22067,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22119,7 +22119,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22148,9 +22148,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 244, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22200,7 +22200,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22229,9 +22229,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22281,7 +22281,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22310,9 +22310,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22362,7 +22362,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22391,9 +22391,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22443,7 +22443,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22472,9 +22472,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22524,7 +22524,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22553,9 +22553,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22605,7 +22605,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22634,9 +22634,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22686,7 +22686,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22715,9 +22715,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 321, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22767,7 +22767,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22796,9 +22796,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22848,7 +22848,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22877,9 +22877,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22929,7 +22929,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22958,9 +22958,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23010,7 +23010,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23039,9 +23039,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23091,7 +23091,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23120,9 +23120,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23172,7 +23172,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23201,9 +23201,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23253,7 +23253,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23282,9 +23282,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23334,7 +23334,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23363,9 +23363,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23415,7 +23415,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23444,9 +23444,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23496,7 +23496,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23525,9 +23525,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 784, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23577,7 +23577,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23606,9 +23606,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23658,7 +23658,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23687,9 +23687,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 567, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23739,7 +23739,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23768,9 +23768,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23820,7 +23820,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23849,9 +23849,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23901,7 +23901,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23930,9 +23930,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23982,7 +23982,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24011,9 +24011,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 384, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24063,7 +24063,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24092,9 +24092,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24144,7 +24144,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24173,9 +24173,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 547, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24225,7 +24225,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24254,9 +24254,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24306,7 +24306,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24335,9 +24335,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24387,7 +24387,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24416,9 +24416,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24468,7 +24468,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24497,9 +24497,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24549,7 +24549,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24578,9 +24578,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24630,7 +24630,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24659,9 +24659,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24711,7 +24711,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24740,9 +24740,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24792,7 +24792,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24821,9 +24821,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 330, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24873,7 +24873,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24902,9 +24902,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24954,7 +24954,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24983,9 +24983,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 10706, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25035,7 +25035,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25064,9 +25064,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 614, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25116,7 +25116,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25145,9 +25145,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25197,7 +25197,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25226,9 +25226,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 362, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\u003c/td\u003e\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25278,7 +25278,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25307,9 +25307,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25359,7 +25359,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25388,9 +25388,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25440,7 +25440,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25469,9 +25469,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 244, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25521,7 +25521,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25550,9 +25550,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25602,7 +25602,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25631,9 +25631,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 259, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25683,7 +25683,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25712,9 +25712,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 209, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25764,7 +25764,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25793,9 +25793,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 352, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25845,7 +25845,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25874,9 +25874,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25926,7 +25926,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25955,9 +25955,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26007,7 +26007,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26036,9 +26036,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 494, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26088,7 +26088,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26117,9 +26117,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 285, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26169,7 +26169,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26198,9 +26198,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 338, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26250,7 +26250,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26279,9 +26279,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 404, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26331,7 +26331,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2021-03-21", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26360,9 +26360,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 79, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26412,7 +26412,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26441,9 +26441,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 330, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26493,7 +26493,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2021-02-19", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26522,9 +26522,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 89, - "date": "2020-11-21", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26574,7 +26574,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-12-21", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26603,7 +26603,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": null, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "asdf", "duplicate": false, @@ -26682,7 +26682,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 1035, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", "duplicate": false, @@ -26734,7 +26734,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-12-08", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26763,7 +26763,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 1035, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", "duplicate": false, @@ -26815,7 +26815,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-12-08", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26844,7 +26844,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", "duplicate": false, @@ -26925,7 +26925,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", "duplicate": false, @@ -26977,7 +26977,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -27006,7 +27006,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", "duplicate": false, @@ -27058,7 +27058,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -27087,7 +27087,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", "duplicate": false, @@ -27168,7 +27168,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", "duplicate": false, @@ -27249,7 +27249,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", "duplicate": false, @@ -27330,7 +27330,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", "duplicate": false, @@ -27382,7 +27382,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -27411,7 +27411,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", "duplicate": false, @@ -27492,7 +27492,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", "duplicate": false, @@ -27573,7 +27573,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", "duplicate": false, @@ -27654,7 +27654,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", "duplicate": false, @@ -27706,7 +27706,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -27735,7 +27735,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", "duplicate": false, @@ -27816,7 +27816,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", "duplicate": false, @@ -27897,7 +27897,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", "duplicate": false, @@ -27949,7 +27949,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -27978,7 +27978,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", "duplicate": false, @@ -28059,7 +28059,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", "duplicate": false, @@ -28140,7 +28140,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", "duplicate": false, @@ -28221,7 +28221,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n", "duplicate": false, @@ -28302,7 +28302,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", "duplicate": false, @@ -28354,7 +28354,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -28383,7 +28383,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", "duplicate": false, @@ -28464,9 +28464,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto \u003cscript\u003ealert(1)\u003c/script\u003enwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 \u003cscript\u003ealert(1)\u003c/script\u003ejledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": true, @@ -28491,7 +28491,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", "nb_occurences": null, "notes": [], "numerical_severity": "S1", @@ -28516,7 +28516,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-12-08", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -28545,7 +28545,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/\n\n\n", "duplicate": false, @@ -28597,7 +28597,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -28626,7 +28626,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", "duplicate": false, @@ -28678,7 +28678,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -28707,7 +28707,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", "duplicate": false, @@ -28788,7 +28788,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", "duplicate": false, @@ -28869,7 +28869,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", "duplicate": false, @@ -28921,7 +28921,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-12-08", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -28950,7 +28950,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", "duplicate": false, @@ -28977,7 +28977,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\u003c!doctype html\u003e\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", "nb_occurences": null, "notes": [], "numerical_severity": "S4", @@ -29031,7 +29031,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", "duplicate": false, @@ -29083,7 +29083,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-12-08", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -29112,7 +29112,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", "duplicate": false, @@ -29164,7 +29164,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29193,7 +29193,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", "duplicate": false, @@ -29245,7 +29245,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29274,7 +29274,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -29326,7 +29326,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29355,7 +29355,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -29407,7 +29407,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29436,7 +29436,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", "duplicate": false, @@ -29455,7 +29455,7 @@ "impact": "", "inherited_tags": [], "is_mitigated": false, - "last_reviewed": "2022-11-10T07:07:19Z", + "last_reviewed": "2025-11-06T23:46:52Z", "last_reviewed_by": [ "admin" ], @@ -29488,7 +29488,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29517,7 +29517,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -29569,7 +29569,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29598,7 +29598,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -29650,7 +29650,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29679,7 +29679,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -29731,7 +29731,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29760,7 +29760,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -29812,7 +29812,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29841,7 +29841,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -29893,7 +29893,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -29922,7 +29922,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", "duplicate": false, @@ -29974,7 +29974,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30003,7 +30003,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", "duplicate": false, @@ -30055,7 +30055,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30084,7 +30084,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", "duplicate": false, @@ -30136,7 +30136,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30165,7 +30165,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", "duplicate": false, @@ -30217,7 +30217,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30246,7 +30246,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", "duplicate": false, @@ -30298,7 +30298,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30327,7 +30327,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", "duplicate": false, @@ -30379,7 +30379,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30408,9 +30408,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(\u0026version)\n", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -30460,7 +30460,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30489,7 +30489,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", "duplicate": false, @@ -30541,7 +30541,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30570,7 +30570,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -30622,7 +30622,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30651,7 +30651,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -30703,7 +30703,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30732,7 +30732,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -30784,7 +30784,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30813,7 +30813,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", "duplicate": false, @@ -30865,7 +30865,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30894,7 +30894,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -30946,7 +30946,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -30975,7 +30975,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", "duplicate": false, @@ -31027,7 +31027,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31056,7 +31056,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -31108,7 +31108,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31137,7 +31137,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -31189,7 +31189,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31218,7 +31218,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", "duplicate": false, @@ -31270,7 +31270,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31299,7 +31299,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", "duplicate": false, @@ -31351,7 +31351,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31380,7 +31380,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", "duplicate": false, @@ -31432,7 +31432,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -31461,7 +31461,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", "duplicate": false, @@ -31542,9 +31542,9 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto \u003cscript\u003ealert(1)\u003c/script\u003enwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 \u003cscript\u003ealert(1)\u003c/script\u003ejledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": true, @@ -31569,7 +31569,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", "nb_occurences": null, "notes": [], "numerical_severity": "S1", @@ -31594,7 +31594,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-12-08", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -31623,7 +31623,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/\n\n\n", "duplicate": false, @@ -31675,7 +31675,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2023-03-08", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -31704,7 +31704,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", "duplicate": false, @@ -31756,7 +31756,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2023-02-06", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -31785,7 +31785,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", "duplicate": false, @@ -31866,7 +31866,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", "duplicate": false, @@ -31947,7 +31947,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", "duplicate": false, @@ -31999,7 +31999,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-12-08", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -32028,7 +32028,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", "duplicate": false, @@ -32055,7 +32055,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\u003c!doctype html\u003e\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", "nb_occurences": null, "notes": [], "numerical_severity": "S4", @@ -32109,7 +32109,7 @@ "cvssv3": null, "cvssv3_score": null, "cwe": 0, - "date": "2022-11-08", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", "duplicate": false, @@ -32161,7 +32161,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-12-08", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -32182,7 +32182,7 @@ }, { "fields": { - "date": "2022-03-14", + "date": "2025-03-10", "description": "test stub finding", "reporter": [ "admin" @@ -32196,7 +32196,7 @@ }, { "fields": { - "date": "2022-03-14", + "date": "2025-03-10", "description": "test stub finding", "reporter": [ "admin" @@ -32210,7 +32210,7 @@ }, { "fields": { - "date": "2022-03-14", + "date": "2025-03-10", "description": "test stub finding", "reporter": [ "admin" @@ -42170,8 +42170,8 @@ }, { "fields": { - "created": "2019-06-22T19:31:16Z", - "modified": "2019-06-22T19:31:16Z", + "created": "2022-06-19T12:10:49Z", + "modified": "2022-06-19T12:10:49Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42185,8 +42185,8 @@ }, { "fields": { - "created": "2019-06-22T19:31:30Z", - "modified": "2019-06-22T19:31:30Z", + "created": "2022-06-19T12:11:03Z", + "modified": "2022-06-19T12:11:03Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42200,8 +42200,8 @@ }, { "fields": { - "created": "2019-06-22T19:31:45Z", - "modified": "2019-06-22T19:31:45Z", + "created": "2022-06-19T12:11:18Z", + "modified": "2022-06-19T12:11:18Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42215,8 +42215,8 @@ }, { "fields": { - "created": "2019-06-22T19:52:57Z", - "modified": "2019-06-22T19:52:57Z", + "created": "2022-06-19T12:32:30Z", + "modified": "2022-06-19T12:32:30Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42230,8 +42230,8 @@ }, { "fields": { - "created": "2019-06-22T19:53:37Z", - "modified": "2019-06-22T19:53:37Z", + "created": "2022-06-19T12:33:10Z", + "modified": "2022-06-19T12:33:10Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42245,8 +42245,8 @@ }, { "fields": { - "created": "2019-06-22T19:54:20Z", - "modified": "2019-06-22T19:54:20Z", + "created": "2022-06-19T12:33:53Z", + "modified": "2022-06-19T12:33:53Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42260,8 +42260,8 @@ }, { "fields": { - "created": "2019-06-22T19:54:34Z", - "modified": "2019-06-22T19:54:34Z", + "created": "2022-06-19T12:34:07Z", + "modified": "2022-06-19T12:34:07Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42275,8 +42275,8 @@ }, { "fields": { - "created": "2019-06-22T19:54:48Z", - "modified": "2019-06-22T19:54:48Z", + "created": "2022-06-19T12:34:21Z", + "modified": "2022-06-19T12:34:21Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42290,8 +42290,8 @@ }, { "fields": { - "created": "2019-06-22T19:55:00Z", - "modified": "2019-06-22T19:55:00Z", + "created": "2022-06-19T12:34:33Z", + "modified": "2022-06-19T12:34:33Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42305,8 +42305,8 @@ }, { "fields": { - "created": "2019-06-22T19:55:20Z", - "modified": "2019-06-22T19:55:20Z", + "created": "2022-06-19T12:34:53Z", + "modified": "2022-06-19T12:34:53Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42320,8 +42320,8 @@ }, { "fields": { - "created": "2019-06-22T19:56:24Z", - "modified": "2019-06-22T19:56:24Z", + "created": "2022-06-19T12:35:57Z", + "modified": "2022-06-19T12:35:57Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42335,8 +42335,8 @@ }, { "fields": { - "created": "2019-06-22T19:57:22Z", - "modified": "2019-06-22T19:57:22Z", + "created": "2022-06-19T12:36:55Z", + "modified": "2022-06-19T12:36:55Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42350,8 +42350,8 @@ }, { "fields": { - "created": "2019-06-22T19:57:34Z", - "modified": "2019-06-22T19:57:34Z", + "created": "2022-06-19T12:37:07Z", + "modified": "2022-06-19T12:37:07Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42365,8 +42365,8 @@ }, { "fields": { - "created": "2019-06-22T19:57:55Z", - "modified": "2019-06-22T19:57:55Z", + "created": "2022-06-19T12:37:28Z", + "modified": "2022-06-19T12:37:28Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42380,8 +42380,8 @@ }, { "fields": { - "created": "2019-06-22T19:58:36Z", - "modified": "2019-06-22T19:58:36Z", + "created": "2022-06-19T12:38:09Z", + "modified": "2022-06-19T12:38:09Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42395,8 +42395,8 @@ }, { "fields": { - "created": "2019-06-22T20:00:35Z", - "modified": "2019-06-22T20:00:35Z", + "created": "2022-06-19T12:40:08Z", + "modified": "2022-06-19T12:40:08Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42410,8 +42410,8 @@ }, { "fields": { - "created": "2019-06-22T20:00:46Z", - "modified": "2019-06-22T20:00:46Z", + "created": "2022-06-19T12:40:19Z", + "modified": "2022-06-19T12:40:19Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42425,8 +42425,8 @@ }, { "fields": { - "created": "2019-06-22T20:00:58Z", - "modified": "2019-06-22T20:00:58Z", + "created": "2022-06-19T12:40:31Z", + "modified": "2022-06-19T12:40:31Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42440,8 +42440,8 @@ }, { "fields": { - "created": "2019-06-22T20:02:18Z", - "modified": "2019-06-22T20:02:18Z", + "created": "2022-06-19T12:41:51Z", + "modified": "2022-06-19T12:41:51Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42455,8 +42455,8 @@ }, { "fields": { - "created": "2019-06-22T20:02:32Z", - "modified": "2019-06-22T20:02:32Z", + "created": "2022-06-19T12:42:05Z", + "modified": "2022-06-19T12:42:05Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42470,23 +42470,23 @@ }, { "fields": { - "created": "2019-06-22T20:02:46Z", - "modified": "2019-06-22T20:02:46Z", + "created": "2022-06-19T12:42:19Z", + "modified": "2022-06-19T12:42:19Z", "optional": false, "order": 1, "polymorphic_ctype": [ "dojo", "benchmark_category" ], - "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -\u003e private cloud, public internet -\u003e public cloud, etc." + "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -> private cloud, public internet -> public cloud, etc." }, "model": "dojo.question", "pk": 23 }, { "fields": { - "created": "2019-06-22T20:02:57Z", - "modified": "2019-06-22T20:02:57Z", + "created": "2022-06-19T12:42:30Z", + "modified": "2022-06-19T12:42:30Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42500,8 +42500,8 @@ }, { "fields": { - "created": "2019-06-22T20:04:46Z", - "modified": "2019-06-22T20:04:46Z", + "created": "2022-06-19T12:44:19Z", + "modified": "2022-06-19T12:44:19Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42515,8 +42515,8 @@ }, { "fields": { - "created": "2019-06-22T20:05:10Z", - "modified": "2019-06-22T20:05:10Z", + "created": "2022-06-19T12:44:43Z", + "modified": "2022-06-19T12:44:43Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42530,8 +42530,8 @@ }, { "fields": { - "created": "2019-06-22T20:05:22Z", - "modified": "2019-06-22T20:05:22Z", + "created": "2022-06-19T12:44:55Z", + "modified": "2022-06-19T12:44:55Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42545,8 +42545,8 @@ }, { "fields": { - "created": "2019-06-22T20:05:32Z", - "modified": "2019-06-22T20:05:32Z", + "created": "2022-06-19T12:45:05Z", + "modified": "2022-06-19T12:45:05Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42560,8 +42560,8 @@ }, { "fields": { - "created": "2019-06-22T20:05:43Z", - "modified": "2019-06-22T20:05:43Z", + "created": "2022-06-19T12:45:16Z", + "modified": "2022-06-19T12:45:16Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42575,8 +42575,8 @@ }, { "fields": { - "created": "2019-06-22T20:05:57Z", - "modified": "2019-06-22T20:05:57Z", + "created": "2022-06-19T12:45:30Z", + "modified": "2022-06-19T12:45:30Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42590,8 +42590,8 @@ }, { "fields": { - "created": "2019-06-22T20:06:15Z", - "modified": "2019-06-22T20:06:15Z", + "created": "2022-06-19T12:45:48Z", + "modified": "2022-06-19T12:45:48Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42605,8 +42605,8 @@ }, { "fields": { - "created": "2019-06-22T20:08:08Z", - "modified": "2019-06-22T20:08:08Z", + "created": "2022-06-19T12:47:41Z", + "modified": "2022-06-19T12:47:41Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42620,8 +42620,8 @@ }, { "fields": { - "created": "2019-06-22T20:08:19Z", - "modified": "2019-06-22T20:08:19Z", + "created": "2022-06-19T12:47:52Z", + "modified": "2022-06-19T12:47:52Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42635,8 +42635,8 @@ }, { "fields": { - "created": "2019-06-22T20:08:30Z", - "modified": "2019-06-22T20:08:30Z", + "created": "2022-06-19T12:48:03Z", + "modified": "2022-06-19T12:48:03Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42650,8 +42650,8 @@ }, { "fields": { - "created": "2019-06-22T20:08:43Z", - "modified": "2019-06-22T20:08:43Z", + "created": "2022-06-19T12:48:16Z", + "modified": "2022-06-19T12:48:16Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42665,8 +42665,8 @@ }, { "fields": { - "created": "2019-06-22T20:08:54Z", - "modified": "2019-06-22T20:08:54Z", + "created": "2022-06-19T12:48:27Z", + "modified": "2022-06-19T12:48:27Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42680,8 +42680,8 @@ }, { "fields": { - "created": "2019-06-22T20:10:15Z", - "modified": "2019-06-22T20:10:15Z", + "created": "2022-06-19T12:49:48Z", + "modified": "2022-06-19T12:49:48Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42695,8 +42695,8 @@ }, { "fields": { - "created": "2019-06-22T20:10:30Z", - "modified": "2019-06-22T20:10:30Z", + "created": "2022-06-19T12:50:03Z", + "modified": "2022-06-19T12:50:03Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42710,8 +42710,8 @@ }, { "fields": { - "created": "2019-06-22T20:10:42Z", - "modified": "2019-06-22T20:10:42Z", + "created": "2022-06-19T12:50:15Z", + "modified": "2022-06-19T12:50:15Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42725,8 +42725,8 @@ }, { "fields": { - "created": "2019-06-22T20:10:52Z", - "modified": "2019-06-22T20:10:52Z", + "created": "2022-06-19T12:50:25Z", + "modified": "2022-06-19T12:50:25Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42740,8 +42740,8 @@ }, { "fields": { - "created": "2019-06-22T20:11:04Z", - "modified": "2019-06-22T20:11:04Z", + "created": "2022-06-19T12:50:37Z", + "modified": "2022-06-19T12:50:37Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42755,8 +42755,8 @@ }, { "fields": { - "created": "2019-06-22T20:11:17Z", - "modified": "2019-06-22T20:11:17Z", + "created": "2022-06-19T12:50:50Z", + "modified": "2022-06-19T12:50:50Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -42770,8 +42770,8 @@ }, { "fields": { - "created": "2019-06-22T20:11:30Z", - "modified": "2019-06-22T20:11:30Z", + "created": "2022-06-19T12:51:03Z", + "modified": "2022-06-19T12:51:03Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -43863,7 +43863,7 @@ }, { "fields": { - "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -43881,7 +43881,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -43899,7 +43899,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -43917,7 +43917,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -43935,7 +43935,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -43953,7 +43953,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -43971,7 +43971,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -43989,7 +43989,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -44007,7 +44007,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -44025,7 +44025,7 @@ }, { "fields": { - "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", "content_type": [ "dojo", "test_import" @@ -44043,7 +44043,7 @@ }, { "fields": { - "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -44061,7 +44061,7 @@ }, { "fields": { - "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -44079,7 +44079,7 @@ }, { "fields": { - "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -44097,7 +44097,7 @@ }, { "fields": { - "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", "content_type": [ "dojo", "test_import" @@ -44115,7 +44115,7 @@ }, { "fields": { - "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -44133,7 +44133,7 @@ }, { "fields": { - "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -44151,7 +44151,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -44169,7 +44169,7 @@ }, { "fields": { - "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -44187,7 +44187,7 @@ }, { "fields": { - "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -44205,7 +44205,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -44223,7 +44223,7 @@ }, { "fields": { - "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -44241,7 +44241,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -44259,7 +44259,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -44277,7 +44277,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -44295,7 +44295,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -44313,7 +44313,7 @@ }, { "fields": { - "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -44331,7 +44331,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -44349,7 +44349,7 @@ }, { "fields": { - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -44367,7 +44367,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -44385,7 +44385,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -44403,7 +44403,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -44421,7 +44421,7 @@ }, { "fields": { - "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -44439,7 +44439,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -44457,7 +44457,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", "content_type": [ "dojo", "test_import" @@ -44475,7 +44475,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -44493,7 +44493,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -44511,7 +44511,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -44529,7 +44529,7 @@ }, { "fields": { - "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -44547,7 +44547,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -44565,7 +44565,7 @@ }, { "fields": { - "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -44583,7 +44583,7 @@ }, { "fields": { - "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -44601,7 +44601,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -44619,7 +44619,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -44637,7 +44637,7 @@ }, { "fields": { - "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -44655,7 +44655,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -44673,7 +44673,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -44691,7 +44691,7 @@ }, { "fields": { - "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -44709,7 +44709,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -44727,7 +44727,7 @@ }, { "fields": { - "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -44745,7 +44745,7 @@ }, { "fields": { - "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -44763,7 +44763,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", "content_type": [ "dojo", "test_import" @@ -44781,7 +44781,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -44799,7 +44799,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -44817,7 +44817,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -44835,7 +44835,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -44853,7 +44853,7 @@ }, { "fields": { - "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -44871,7 +44871,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -44889,7 +44889,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -44907,7 +44907,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -44925,7 +44925,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -44943,7 +44943,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -44961,7 +44961,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -44979,7 +44979,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -44997,7 +44997,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -45015,7 +45015,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", "content_type": [ "dojo", "test_import" @@ -45033,7 +45033,7 @@ }, { "fields": { - "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -45051,7 +45051,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -45069,7 +45069,7 @@ }, { "fields": { - "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -45087,7 +45087,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -45105,7 +45105,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -45123,7 +45123,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -45141,7 +45141,7 @@ }, { "fields": { - "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -45159,7 +45159,7 @@ }, { "fields": { - "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -45177,7 +45177,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -45195,7 +45195,7 @@ }, { "fields": { - "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -45213,7 +45213,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -45231,7 +45231,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -45249,7 +45249,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: \u003c%= query %\u003e\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -45267,7 +45267,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -45285,7 +45285,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -45303,7 +45303,7 @@ }, { "fields": { - "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -45321,7 +45321,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -45339,7 +45339,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -45357,7 +45357,7 @@ }, { "fields": { - "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -45375,7 +45375,7 @@ }, { "fields": { - "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -45393,7 +45393,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -45411,7 +45411,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -45429,7 +45429,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -45447,7 +45447,7 @@ }, { "fields": { - "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -45465,7 +45465,7 @@ }, { "fields": { - "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -45483,7 +45483,7 @@ }, { "fields": { - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -45501,7 +45501,7 @@ }, { "fields": { - "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", "content_type": [ "dojo", "test_import" @@ -45519,7 +45519,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -45537,7 +45537,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -45555,7 +45555,7 @@ }, { "fields": { - "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -45573,7 +45573,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -45591,7 +45591,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -45609,7 +45609,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -45627,7 +45627,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -45645,7 +45645,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -45663,7 +45663,7 @@ }, { "fields": { - "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -45681,7 +45681,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -45699,7 +45699,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -45717,7 +45717,7 @@ }, { "fields": { - "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -45735,7 +45735,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -45753,7 +45753,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -45771,7 +45771,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -45789,7 +45789,7 @@ }, { "fields": { - "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", "content_type": [ "dojo", "test_import" @@ -45807,7 +45807,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -45825,7 +45825,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -45843,7 +45843,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -45861,7 +45861,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -45879,7 +45879,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -45897,7 +45897,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -45915,7 +45915,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -45933,7 +45933,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -45951,7 +45951,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -45969,7 +45969,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -45987,7 +45987,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -46005,7 +46005,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -46023,7 +46023,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -46041,7 +46041,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -46059,7 +46059,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -46077,7 +46077,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -46095,7 +46095,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -46113,7 +46113,7 @@ }, { "fields": { - "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -46131,7 +46131,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -46149,7 +46149,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -46167,7 +46167,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -46185,7 +46185,7 @@ }, { "fields": { - "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -46203,7 +46203,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -46221,7 +46221,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -46257,7 +46257,7 @@ }, { "fields": { - "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -46275,7 +46275,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -46293,7 +46293,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -46311,7 +46311,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -46329,7 +46329,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -46347,7 +46347,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -46365,7 +46365,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -46383,7 +46383,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -46401,7 +46401,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -46419,7 +46419,7 @@ }, { "fields": { - "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", "content_type": [ "dojo", "test_import" @@ -46437,7 +46437,7 @@ }, { "fields": { - "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -46455,7 +46455,7 @@ }, { "fields": { - "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -46473,7 +46473,7 @@ }, { "fields": { - "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -46491,7 +46491,7 @@ }, { "fields": { - "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", "content_type": [ "dojo", "test_import" @@ -46509,7 +46509,7 @@ }, { "fields": { - "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -46527,7 +46527,7 @@ }, { "fields": { - "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -46545,7 +46545,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -46563,7 +46563,7 @@ }, { "fields": { - "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -46581,7 +46581,7 @@ }, { "fields": { - "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -46599,7 +46599,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -46617,7 +46617,7 @@ }, { "fields": { - "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -46635,7 +46635,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -46653,7 +46653,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -46671,7 +46671,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -46689,7 +46689,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -46707,7 +46707,7 @@ }, { "fields": { - "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -46725,7 +46725,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -46743,7 +46743,7 @@ }, { "fields": { - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -46761,7 +46761,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -46779,7 +46779,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -46797,7 +46797,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -46815,7 +46815,7 @@ }, { "fields": { - "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -46833,7 +46833,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -46851,7 +46851,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", "content_type": [ "dojo", "test_import" @@ -46869,7 +46869,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -46887,7 +46887,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -46905,7 +46905,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -46923,7 +46923,7 @@ }, { "fields": { - "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -46941,7 +46941,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -46959,7 +46959,7 @@ }, { "fields": { - "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -46977,7 +46977,7 @@ }, { "fields": { - "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -46995,7 +46995,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -47013,7 +47013,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47031,7 +47031,7 @@ }, { "fields": { - "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -47049,7 +47049,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -47067,7 +47067,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -47085,7 +47085,7 @@ }, { "fields": { - "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -47103,7 +47103,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -47121,7 +47121,7 @@ }, { "fields": { - "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -47139,7 +47139,7 @@ }, { "fields": { - "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -47157,7 +47157,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", "content_type": [ "dojo", "test_import" @@ -47175,7 +47175,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -47193,7 +47193,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -47211,7 +47211,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47229,7 +47229,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -47247,7 +47247,7 @@ }, { "fields": { - "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -47265,7 +47265,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -47283,7 +47283,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -47301,7 +47301,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -47319,7 +47319,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -47337,7 +47337,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -47355,7 +47355,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47373,7 +47373,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47391,7 +47391,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -47409,7 +47409,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", "content_type": [ "dojo", "test_import" @@ -47427,7 +47427,7 @@ }, { "fields": { - "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -47445,7 +47445,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -47463,7 +47463,7 @@ }, { "fields": { - "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -47481,7 +47481,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -47499,7 +47499,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -47517,7 +47517,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47535,7 +47535,7 @@ }, { "fields": { - "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -47553,7 +47553,7 @@ }, { "fields": { - "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -47571,7 +47571,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -47589,7 +47589,7 @@ }, { "fields": { - "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47607,7 +47607,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -47625,7 +47625,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -47643,7 +47643,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: \u003c%= query %\u003e\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -47661,7 +47661,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47679,7 +47679,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -47697,7 +47697,7 @@ }, { "fields": { - "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -47715,7 +47715,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -47733,7 +47733,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -47751,7 +47751,7 @@ }, { "fields": { - "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -47769,7 +47769,7 @@ }, { "fields": { - "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -47787,7 +47787,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -47805,7 +47805,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -47823,7 +47823,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -47841,7 +47841,7 @@ }, { "fields": { - "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -47859,7 +47859,7 @@ }, { "fields": { - "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47877,7 +47877,7 @@ }, { "fields": { - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -47895,7 +47895,7 @@ }, { "fields": { - "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", "content_type": [ "dojo", "test_import" @@ -47913,7 +47913,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -47931,7 +47931,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47949,7 +47949,7 @@ }, { "fields": { - "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -47967,7 +47967,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -47985,7 +47985,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -48003,7 +48003,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -48021,7 +48021,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -48039,7 +48039,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -48057,7 +48057,7 @@ }, { "fields": { - "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -48075,7 +48075,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -48093,7 +48093,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -48111,7 +48111,7 @@ }, { "fields": { - "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -48129,7 +48129,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -48147,7 +48147,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -48165,7 +48165,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -48183,7 +48183,7 @@ }, { "fields": { - "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", "content_type": [ "dojo", "test_import" @@ -48201,7 +48201,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -48219,7 +48219,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -48237,7 +48237,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -48255,7 +48255,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -48273,7 +48273,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -48291,7 +48291,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -48309,7 +48309,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -48327,7 +48327,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -48345,7 +48345,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -48363,7 +48363,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -48381,7 +48381,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -48399,7 +48399,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -48417,7 +48417,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -48435,7 +48435,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -48453,7 +48453,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -48471,7 +48471,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -48489,7 +48489,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -48507,7 +48507,7 @@ }, { "fields": { - "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -48525,7 +48525,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -48543,7 +48543,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -48561,7 +48561,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -48579,7 +48579,7 @@ }, { "fields": { - "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -48597,7 +48597,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -48615,7 +48615,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -48633,7 +48633,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None None None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp", + "content": "Download of Code Without Integrity Check (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -48651,7 +48651,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None None None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp", + "content": "Improper Resource Access Authorization (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None None None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -48669,7 +48669,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -48687,7 +48687,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp", + "content": "Improper Resource Shutdown or Release (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -48705,7 +48705,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp", + "content": "Reflected XSS All Clients (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -48723,7 +48723,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (home.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp", + "content": "Use of Insufficiently Random Values (home.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -48741,7 +48741,7 @@ }, { "fields": { - "content": "SQL Injection (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None None None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp", + "content": "SQL Injection (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None None None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -48777,7 +48777,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None 262 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None 262 N/A None BodgeIt ", "content_type": [ "dojo", "test_import" @@ -48795,7 +48795,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None 263 N/A None BodgeIt ", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None 263 N/A None BodgeIt ", "content_type": [ "dojo", "test_import" @@ -48921,7 +48921,7 @@ }, { "fields": { - "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers 0 0 0 high web production purchased", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable\u2014where the company enters money received\r\n* Accounts payable\u2014where the company enters its bills and pays money it owes\r\n* General ledger\u2014the company's \"books\"\r\n* Billing\u2014where the company produces invoices to clients/customers 0 0 0 high web production purchased", "content_type": [ "dojo", "tagulous_product_tags" @@ -49029,7 +49029,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None 276 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None 276 N/A None BodgeIt ", "content_type": [ "dojo", "test_import" @@ -49047,7 +49047,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None 277 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None 277 N/A None BodgeIt ", "content_type": [ "dojo", "test_import" @@ -49839,7 +49839,7 @@ }, { "fields": { - "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", "content_type": [ "dojo", "test_import" @@ -50361,7 +50361,7 @@ }, { "fields": { - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(\u0026version)\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", "content_type": [ "dojo", "test_import" @@ -50775,7 +50775,7 @@ }, { "fields": { - "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", "content_type": [ "dojo", "test_import" @@ -51027,7 +51027,7 @@ }, { "fields": { - "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 302 None None BodgeIt ", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 302 None None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51045,7 +51045,7 @@ }, { "fields": { - "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 340 None None BodgeIt ", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 340 None None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51135,7 +51135,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 145 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 145 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51153,7 +51153,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 13 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 13 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51189,7 +51189,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -51207,7 +51207,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -51225,7 +51225,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None None None None 276 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None None None None 276 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51243,7 +51243,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 65 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 65 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51261,7 +51261,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 197 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 197 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51279,7 +51279,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: \u003c%= query %\u003e\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 217 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 217 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51297,7 +51297,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: \u003c%= query %\u003e\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 85 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 85 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51315,7 +51315,7 @@ }, { "fields": { - "content": "SQL Injection (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp None None None None None None None None None None 278 N/A None BodgeIt ", + "content": "SQL Injection (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp None None None None None None None None None None 278 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51333,7 +51333,7 @@ }, { "fields": { - "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 45 N/A None BodgeIt ", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 45 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51351,7 +51351,7 @@ }, { "fields": { - "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 177 N/A None BodgeIt ", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 177 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51369,7 +51369,7 @@ }, { "fields": { - "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 18 N/A None BodgeIt ", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 18 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51387,7 +51387,7 @@ }, { "fields": { - "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 150 N/A None BodgeIt ", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 150 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51405,7 +51405,7 @@ }, { "fields": { - "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 8 N/A None BodgeIt ", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 8 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51423,7 +51423,7 @@ }, { "fields": { - "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 140 N/A None BodgeIt ", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 140 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51441,7 +51441,7 @@ }, { "fields": { - "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 51 N/A None BodgeIt ", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 51 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51459,7 +51459,7 @@ }, { "fields": { - "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 183 N/A None BodgeIt ", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 183 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51477,7 +51477,7 @@ }, { "fields": { - "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 151 N/A None BodgeIt ", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 151 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51495,7 +51495,7 @@ }, { "fields": { - "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 19 N/A None BodgeIt ", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 19 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51513,7 +51513,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 258 N/A None BodgeIt ", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 258 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51531,7 +51531,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 126 N/A None BodgeIt ", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 126 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51549,7 +51549,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 90 N/A None BodgeIt ", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 90 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51567,7 +51567,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 222 N/A None BodgeIt ", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 222 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51585,7 +51585,7 @@ }, { "fields": { - "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 63 N/A None BodgeIt ", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 63 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51603,7 +51603,7 @@ }, { "fields": { - "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 195 N/A None BodgeIt ", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 195 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51621,7 +51621,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 263 N/A None BodgeIt ", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 263 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51639,7 +51639,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 131 N/A None BodgeIt ", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 131 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51657,7 +51657,7 @@ }, { "fields": { - "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 234 N/A None BodgeIt ", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 234 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51675,7 +51675,7 @@ }, { "fields": { - "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 102 N/A None BodgeIt ", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 102 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51693,7 +51693,7 @@ }, { "fields": { - "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 189 N/A None BodgeIt ", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 189 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -51711,7 +51711,7 @@ }, { "fields": { - "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 57 N/A None BodgeIt ", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 57 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52053,7 +52053,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 101 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 101 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52071,7 +52071,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 233 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 233 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52089,7 +52089,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -52107,7 +52107,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -52125,7 +52125,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 170 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 170 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52143,7 +52143,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 38 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 38 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52161,7 +52161,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 15 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 15 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52179,7 +52179,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 147 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 147 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52197,7 +52197,7 @@ }, { "fields": { - "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 223 N/A None BodgeIt ", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 223 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52215,7 +52215,7 @@ }, { "fields": { - "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 91 N/A None BodgeIt ", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 91 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52233,7 +52233,7 @@ }, { "fields": { - "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 82 N/A None BodgeIt ", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 82 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52251,7 +52251,7 @@ }, { "fields": { - "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 214 N/A None BodgeIt ", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 214 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52269,7 +52269,7 @@ }, { "fields": { - "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 96 N/A None BodgeIt ", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 96 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52287,7 +52287,7 @@ }, { "fields": { - "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 228 N/A None BodgeIt ", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 228 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52305,7 +52305,7 @@ }, { "fields": { - "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 152 N/A None BodgeIt ", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 152 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52323,7 +52323,7 @@ }, { "fields": { - "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 20 N/A None BodgeIt ", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 20 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52341,7 +52341,7 @@ }, { "fields": { - "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 207 N/A None BodgeIt ", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 207 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52359,7 +52359,7 @@ }, { "fields": { - "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 75 N/A None BodgeIt ", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 75 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52377,7 +52377,7 @@ }, { "fields": { - "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 179 N/A None BodgeIt ", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 179 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52395,7 +52395,7 @@ }, { "fields": { - "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 47 N/A None BodgeIt ", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 47 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52413,7 +52413,7 @@ }, { "fields": { - "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 165 N/A None BodgeIt ", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 165 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52431,7 +52431,7 @@ }, { "fields": { - "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 33 N/A None BodgeIt ", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 33 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52449,7 +52449,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 52 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 52 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52467,7 +52467,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 184 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 184 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52485,7 +52485,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 138 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 138 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52503,7 +52503,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 270 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 270 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52521,7 +52521,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp None None None None None None None None None None 272 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp None None None None None None None None None None 272 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52539,7 +52539,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 77 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 77 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52557,7 +52557,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 209 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 209 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52575,7 +52575,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 175 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 175 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52593,7 +52593,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 43 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 43 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52611,7 +52611,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 141 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 141 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52629,7 +52629,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 9 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 9 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52647,7 +52647,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 199 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 199 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52665,7 +52665,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 67 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 67 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52683,7 +52683,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 187 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 187 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52701,7 +52701,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 55 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 55 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52719,7 +52719,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 62 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 62 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52737,7 +52737,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 194 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 194 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52755,7 +52755,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 200 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 200 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52773,7 +52773,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 68 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 68 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52791,7 +52791,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 110 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 110 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52809,7 +52809,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 242 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 242 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52827,7 +52827,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 117 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 117 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52845,7 +52845,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 249 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 249 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52863,7 +52863,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 50 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 50 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52881,7 +52881,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 182 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 182 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52899,7 +52899,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 40 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 40 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52917,7 +52917,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 172 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 172 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52935,7 +52935,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 173 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 173 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52953,7 +52953,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 41 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 41 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52971,7 +52971,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 24 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 24 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -52989,7 +52989,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 156 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 156 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53007,7 +53007,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 59 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 59 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53025,7 +53025,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 191 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 191 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53043,7 +53043,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 248 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 248 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53061,7 +53061,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 116 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 116 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53079,7 +53079,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 34 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 34 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53097,7 +53097,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 166 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 166 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53115,7 +53115,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 148 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 148 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53133,7 +53133,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 16 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 16 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53151,7 +53151,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 81 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 81 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53169,7 +53169,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 213 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 213 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53187,7 +53187,7 @@ }, { "fields": { - "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 265 N/A None BodgeIt ", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 265 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53205,7 +53205,7 @@ }, { "fields": { - "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 133 N/A None BodgeIt ", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 133 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53223,7 +53223,7 @@ }, { "fields": { - "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 54 N/A None BodgeIt ", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 54 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53241,7 +53241,7 @@ }, { "fields": { - "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 186 N/A None BodgeIt ", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 186 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53259,7 +53259,7 @@ }, { "fields": { - "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 26 N/A None BodgeIt ", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 26 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53277,7 +53277,7 @@ }, { "fields": { - "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 158 N/A None BodgeIt ", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 158 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53295,7 +53295,7 @@ }, { "fields": { - "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 92 N/A None BodgeIt ", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 92 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53313,7 +53313,7 @@ }, { "fields": { - "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 224 N/A None BodgeIt ", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 224 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53331,7 +53331,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 193 N/A None BodgeIt ", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 193 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53349,7 +53349,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 61 N/A None BodgeIt ", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 61 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53367,7 +53367,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 259 N/A None BodgeIt ", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 259 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53385,7 +53385,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 127 N/A None BodgeIt ", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 127 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53403,7 +53403,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 14 N/A None BodgeIt ", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 14 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53421,7 +53421,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 146 N/A None BodgeIt ", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 146 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53439,7 +53439,7 @@ }, { "fields": { - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 98 N/A None BodgeIt ", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 98 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53457,7 +53457,7 @@ }, { "fields": { - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 230 N/A None BodgeIt ", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 230 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53475,7 +53475,7 @@ }, { "fields": { - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 167 N/A None BodgeIt ", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 167 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53493,7 +53493,7 @@ }, { "fields": { - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 35 N/A None BodgeIt ", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 35 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53511,7 +53511,7 @@ }, { "fields": { - "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 56 N/A None BodgeIt ", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 56 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53529,7 +53529,7 @@ }, { "fields": { - "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 188 N/A None BodgeIt ", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 188 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53547,7 +53547,7 @@ }, { "fields": { - "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 247 N/A None BodgeIt ", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 247 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53565,7 +53565,7 @@ }, { "fields": { - "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 115 N/A None BodgeIt ", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 115 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53583,7 +53583,7 @@ }, { "fields": { - "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 28 N/A None BodgeIt ", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 28 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53601,7 +53601,7 @@ }, { "fields": { - "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 160 N/A None BodgeIt ", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 160 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53619,7 +53619,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp None None None None None None None None None None 274 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp None None None None None None None None None None 274 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53637,7 +53637,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 159 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 159 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53655,7 +53655,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 27 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 27 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53673,7 +53673,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 206 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 206 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53691,7 +53691,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 74 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 74 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53709,7 +53709,7 @@ }, { "fields": { - "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 99 N/A None BodgeIt ", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 99 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53727,7 +53727,7 @@ }, { "fields": { - "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 231 N/A None BodgeIt ", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 231 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53745,7 +53745,7 @@ }, { "fields": { - "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 88 N/A None BodgeIt ", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 88 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53763,7 +53763,7 @@ }, { "fields": { - "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 220 N/A None BodgeIt ", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 220 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53781,7 +53781,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 257 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 257 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53799,7 +53799,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 125 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 125 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53817,7 +53817,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None None None None 277 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None None None None 277 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53835,7 +53835,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 83 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 83 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53853,7 +53853,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 215 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 215 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53871,7 +53871,7 @@ }, { "fields": { - "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 269 N/A None BodgeIt ", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 269 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53889,7 +53889,7 @@ }, { "fields": { - "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 137 N/A None BodgeIt ", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 137 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -53961,7 +53961,7 @@ }, { "fields": { - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(\u0026version)\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 326 N/A None BodgeIt ", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 326 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54303,7 +54303,7 @@ }, { "fields": { - "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 229 N/A None BodgeIt ", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 229 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54321,7 +54321,7 @@ }, { "fields": { - "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 97 N/A None BodgeIt ", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 97 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54339,7 +54339,7 @@ }, { "fields": { - "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 79 N/A None BodgeIt ", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 79 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54357,7 +54357,7 @@ }, { "fields": { - "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 211 N/A None BodgeIt ", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 211 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54375,7 +54375,7 @@ }, { "fields": { - "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 157 N/A None BodgeIt ", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 157 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54393,7 +54393,7 @@ }, { "fields": { - "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 25 N/A None BodgeIt ", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 25 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54411,7 +54411,7 @@ }, { "fields": { - "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 240 N/A None BodgeIt ", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 240 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54429,7 +54429,7 @@ }, { "fields": { - "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 108 N/A None BodgeIt ", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 108 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54447,7 +54447,7 @@ }, { "fields": { - "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 80 N/A None BodgeIt ", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 80 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54465,7 +54465,7 @@ }, { "fields": { - "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 212 N/A None BodgeIt ", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 212 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54483,7 +54483,7 @@ }, { "fields": { - "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 149 N/A None BodgeIt ", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 149 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54501,7 +54501,7 @@ }, { "fields": { - "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 17 N/A None BodgeIt ", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 17 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54519,7 +54519,7 @@ }, { "fields": { - "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -54537,7 +54537,7 @@ }, { "fields": { - "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -54555,7 +54555,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 178 N/A None BodgeIt ", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 178 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54573,7 +54573,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 46 N/A None BodgeIt ", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 46 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54591,7 +54591,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 267 N/A None BodgeIt ", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 267 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54609,7 +54609,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 135 N/A None BodgeIt ", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 135 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54627,7 +54627,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 190 N/A None BodgeIt ", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 190 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54645,7 +54645,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 58 N/A None BodgeIt ", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 58 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54663,7 +54663,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 71 N/A None BodgeIt ", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 71 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54681,7 +54681,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 203 N/A None BodgeIt ", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 203 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54699,7 +54699,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 64 N/A None BodgeIt ", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 64 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54717,7 +54717,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 196 N/A None BodgeIt ", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 196 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54735,7 +54735,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 53 N/A None BodgeIt ", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 53 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54753,7 +54753,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 185 N/A None BodgeIt ", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 185 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54771,7 +54771,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 123 N/A None BodgeIt ", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 123 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54789,7 +54789,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 255 N/A None BodgeIt ", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 255 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54807,7 +54807,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 31 N/A None BodgeIt ", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 31 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54825,7 +54825,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 163 N/A None BodgeIt ", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 163 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54843,7 +54843,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 42 N/A None BodgeIt ", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 42 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54861,7 +54861,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 174 N/A None BodgeIt ", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 174 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54879,7 +54879,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 120 N/A None BodgeIt ", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 120 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54897,7 +54897,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 252 N/A None BodgeIt ", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 252 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54915,7 +54915,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 244 N/A None BodgeIt ", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 244 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54933,7 +54933,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 112 N/A None BodgeIt ", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 112 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54951,7 +54951,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 204 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 204 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54969,7 +54969,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 72 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 72 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -54987,7 +54987,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp None None None None None None None None None None 273 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp None None None None None None None None None None 273 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55005,7 +55005,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 201 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 201 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55023,7 +55023,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 69 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 69 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55041,7 +55041,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 119 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 119 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55059,7 +55059,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 251 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 251 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55077,7 +55077,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 237 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 237 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55095,7 +55095,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 105 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 105 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55113,7 +55113,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 95 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 95 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55131,7 +55131,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 227 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 227 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55149,7 +55149,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 250 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 250 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55167,7 +55167,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 118 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 118 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55185,7 +55185,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 32 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 32 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55203,7 +55203,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 164 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 164 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55221,7 +55221,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 198 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 198 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55239,7 +55239,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 66 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 66 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55257,7 +55257,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 271 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 271 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55275,7 +55275,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 139 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 139 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55293,7 +55293,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 246 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 246 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55311,7 +55311,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 114 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 114 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55329,7 +55329,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 104 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 104 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55347,7 +55347,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 236 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 236 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55365,7 +55365,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 36 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 36 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55383,7 +55383,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 168 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 168 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55401,7 +55401,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 106 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 106 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55419,7 +55419,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 238 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 238 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55437,7 +55437,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 245 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 245 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55455,7 +55455,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 132 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 132 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55473,7 +55473,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 210 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 210 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55491,7 +55491,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 113 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 113 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55509,7 +55509,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 78 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 78 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55527,7 +55527,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 264 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 264 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55545,7 +55545,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp None None None None None None None None None None 275 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp None None None None None None None None None None 275 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55563,7 +55563,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 144 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 144 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55581,7 +55581,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 12 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 12 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55599,7 +55599,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 76 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 76 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55617,7 +55617,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 208 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 208 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55635,7 +55635,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 253 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 253 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55653,7 +55653,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 121 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 121 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55671,7 +55671,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 122 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 122 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55689,7 +55689,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 254 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 254 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55707,7 +55707,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 232 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 232 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55725,7 +55725,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 100 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 100 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55743,7 +55743,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 93 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 93 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55761,7 +55761,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 225 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 225 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55779,7 +55779,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 143 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 143 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55797,7 +55797,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 11 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 11 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55815,7 +55815,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 29 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 29 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55833,7 +55833,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 161 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 161 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55851,7 +55851,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 235 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 235 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55869,7 +55869,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 103 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 103 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55887,7 +55887,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 49 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 49 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55905,7 +55905,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 181 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 181 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55923,7 +55923,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 129 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 129 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55941,7 +55941,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 261 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 261 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55959,7 +55959,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 176 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 176 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55977,7 +55977,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 44 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 44 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -55995,7 +55995,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 256 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 256 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56013,7 +56013,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 124 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 124 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56031,7 +56031,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 136 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 136 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56049,7 +56049,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 268 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 268 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56067,7 +56067,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 94 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 94 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56085,7 +56085,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 226 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 226 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56103,7 +56103,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 219 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 219 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56121,7 +56121,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 87 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 87 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56139,7 +56139,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 107 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 107 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56157,7 +56157,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 239 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 239 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56175,7 +56175,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 84 N/A None BodgeIt ", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 84 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56193,7 +56193,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 142 N/A None BodgeIt ", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 142 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56211,7 +56211,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 216 N/A None BodgeIt ", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 216 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56229,7 +56229,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 10 N/A None BodgeIt ", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 10 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56247,7 +56247,7 @@ }, { "fields": { - "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 153 N/A None BodgeIt ", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 153 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56265,7 +56265,7 @@ }, { "fields": { - "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 21 N/A None BodgeIt ", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 21 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56283,7 +56283,7 @@ }, { "fields": { - "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 180 N/A None BodgeIt ", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 180 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56301,7 +56301,7 @@ }, { "fields": { - "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 48 N/A None BodgeIt ", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 48 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56319,7 +56319,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 70 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 70 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56337,7 +56337,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 202 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 202 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56355,7 +56355,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 130 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 130 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56373,7 +56373,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 262 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 262 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56391,7 +56391,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 30 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 30 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56409,7 +56409,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 162 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 162 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56427,7 +56427,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 109 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 109 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56445,7 +56445,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 241 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 241 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56463,7 +56463,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 221 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 221 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56481,7 +56481,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 89 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 89 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56499,7 +56499,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 218 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 218 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56517,7 +56517,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 86 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 86 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56535,7 +56535,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 37 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 37 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56553,7 +56553,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 169 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 169 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56571,7 +56571,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 128 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 128 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56589,7 +56589,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 260 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 260 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56607,7 +56607,7 @@ }, { "fields": { - "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 23 N/A None BodgeIt ", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 23 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56625,7 +56625,7 @@ }, { "fields": { - "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 155 N/A None BodgeIt ", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 155 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56643,7 +56643,7 @@ }, { "fields": { - "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 205 N/A None BodgeIt ", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 205 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56661,7 +56661,7 @@ }, { "fields": { - "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 73 N/A None BodgeIt ", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 73 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56679,7 +56679,7 @@ }, { "fields": { - "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003c%=username%\u003e\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 171 N/A None BodgeIt ", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 171 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56697,7 +56697,7 @@ }, { "fields": { - "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003c%=username%\u003e\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 39 N/A None BodgeIt ", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 39 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56715,7 +56715,7 @@ }, { "fields": { - "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 243 N/A None BodgeIt ", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 243 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -56733,7 +56733,7 @@ }, { "fields": { - "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 111 N/A None BodgeIt ", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 111 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -57147,7 +57147,7 @@ }, { "fields": { - "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers high web production purchased 3 Billing", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable\u2014where the company enters money received\r\n* Accounts payable\u2014where the company enters its bills and pays money it owes\r\n* General ledger\u2014the company's \"books\"\r\n* Billing\u2014where the company produces invoices to clients/customers high web production purchased 3 Billing", "content_type": [ "dojo", "product" diff --git a/dojo/fixtures/defect_dojo_sample_data_locations.json b/dojo/fixtures/defect_dojo_sample_data_locations.json index 88286c552c1..f56ce8069fa 100644 --- a/dojo/fixtures/defect_dojo_sample_data_locations.json +++ b/dojo/fixtures/defect_dojo_sample_data_locations.json @@ -18,7 +18,7 @@ }, { "fields": { - "date_joined": "2021-08-01T07:59:51Z", + "date_joined": "2025-07-03T00:39:24Z", "email": "", "first_name": "", "groups": [], @@ -545,7 +545,7 @@ "fields": { "acronym": "HIPAA", "category": "medical", - "description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy–Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", + "description": "The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. It has been known as the Kennedy\u2013Kassebaum Act or Kassebaum-Kennedy Act after two of its leading sponsors. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.", "jurisdiction": "United States", "name": "Health Insurance Portability and Accountability Act", "reference": "http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act" @@ -569,9 +569,9 @@ "fields": { "acronym": "SOX", "category": "finance", - "description": "The Sarbanes–Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", + "description": "The Sarbanes\u2013Oxley Act of 2002 (SOX) is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. There are also a number of provisions of the Act that also apply to privately held companies, for example the willful destruction of evidence to impede a Federal investigation.", "jurisdiction": "United States", - "name": "Sarbanes–Oxley Act", + "name": "Sarbanes\u2013Oxley Act", "reference": "http://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act" }, "model": "dojo.regulation", @@ -581,9 +581,9 @@ "fields": { "acronym": "GLBA", "category": "finance", - "description": "The Gramm–Leach–Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass–Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm–Leach–Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", + "description": "The Gramm\u2013Leach\u2013Bliley Act (GLBA) is an act of the 106th United States Congress. It repealed part of the Glass\u2013Steagall Act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, a commercial bank, and an insurance company. With the bipartisan passage of the Gramm\u2013Leach\u2013Bliley Act, commercial banks, investment banks, securities firms, and insurance companies were allowed to consolidate. Furthermore, it failed to give to the SEC or any other financial regulatory agency the authority to regulate large investment bank holding companies.", "jurisdiction": "United States", - "name": "Gramm–Leach–Bliley Act", + "name": "Gramm\u2013Leach\u2013Bliley Act", "reference": "http://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act" }, "model": "dojo.regulation", @@ -678,7 +678,7 @@ "acronym": "GDPR", "category": "privacy", "description": "The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.\r\n\r\nSuperseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements pertaining to the processing of personally identifiable information of data subjects inside the European Union, and applies to all enterprises, regardless of location, that are doing business with the European Economic Area. Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately. No personal data may be processed unless it is done under a lawful basis specified by the regulation, or if the data controller or processor has received explicit, opt-in consent from the data's owner. The data owner has the right to revoke this permission at any time.", - "jurisdiction": "EU \u0026 EU Data Extra-Territorial Applicability", + "jurisdiction": "EU & EU Data Extra-Territorial Applicability", "name": "General Data Protection Regulation", "reference": "https://www.eugdpr.org/" }, @@ -2612,7 +2612,7 @@ "async_updating": false, "business_criticality": "high", "created": null, - "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", + "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable\u2014where the company enters money received\r\n* Accounts payable\u2014where the company enters its bills and pays money it owes\r\n* General ledger\u2014the company's \"books\"\r\n* Billing\u2014where the company produces invoices to clients/customers", "disable_sla_breach_notifications": false, "enable_full_risk_acceptance": true, "enable_product_tag_inheritance": false, @@ -2783,8 +2783,8 @@ "source_code_management_uri": null, "status": "In Progress", "tags": [], - "target_end": "2021-07-31", - "target_start": "2021-07-31", + "target_end": "2025-07-01", + "target_start": "2025-07-01", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -2830,8 +2830,8 @@ "source_code_management_uri": null, "status": "Completed", "tags": [], - "target_end": "2021-07-31", - "target_start": "2021-07-31", + "target_end": "2025-07-01", + "target_start": "2025-07-01", "test_strategy": "", "threat_model": true, "tmodel_path": "none", @@ -2877,8 +2877,8 @@ "source_code_management_uri": null, "status": "Completed", "tags": [], - "target_end": "2021-07-23", - "target_start": "2021-07-22", + "target_end": "2025-06-23", + "target_start": "2025-06-22", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -2924,8 +2924,8 @@ "source_code_management_uri": null, "status": "Completed", "tags": [], - "target_end": "2021-12-11", - "target_start": "2021-12-04", + "target_end": "2025-11-11", + "target_start": "2025-11-04", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -2973,8 +2973,8 @@ "tags": [ "pci" ], - "target_end": "2022-02-26", - "target_start": "2022-02-19", + "target_end": "2026-01-27", + "target_start": "2026-01-20", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -3018,8 +3018,8 @@ "source_code_management_uri": null, "status": "", "tags": [], - "target_end": "2021-12-04", - "target_start": "2021-12-04", + "target_end": "2025-11-04", + "target_start": "2025-11-04", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -3065,8 +3065,8 @@ "source_code_management_uri": null, "status": "Not Started", "tags": [], - "target_end": "2022-01-27", - "target_start": "2022-01-20", + "target_end": "2025-12-28", + "target_start": "2025-12-21", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -3114,8 +3114,8 @@ "tags": [ "pci" ], - "target_end": "2021-12-05", - "target_start": "2021-12-05", + "target_end": "2025-11-05", + "target_start": "2025-11-05", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -3161,8 +3161,8 @@ "source_code_management_uri": null, "status": "Blocked", "tags": [], - "target_end": "2022-02-02", - "target_start": "2022-01-30", + "target_end": "2026-01-03", + "target_start": "2025-12-31", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -3208,8 +3208,8 @@ "source_code_management_uri": "https://github.com/psiinon/bodgeit", "status": "Completed", "tags": [], - "target_end": "2021-12-12", - "target_start": "2021-12-05", + "target_end": "2025-11-12", + "target_start": "2025-11-05", "test_strategy": null, "threat_model": false, "tmodel_path": "none", @@ -3253,8 +3253,8 @@ "source_code_management_uri": null, "status": "In Progress", "tags": [], - "target_end": "2021-12-05", - "target_start": "2021-12-05", + "target_end": "2025-11-05", + "target_start": "2025-11-05", "test_strategy": null, "threat_model": false, "tmodel_path": "none", @@ -3331,8 +3331,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-03-30T00:00:00Z", - "target_start": "2021-03-21T00:00:00Z", + "target_end": "2025-02-28T16:39:33Z", + "target_start": "2025-02-19T16:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -3360,8 +3360,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-04-22T01:00:00Z", - "target_start": "2021-04-21T01:00:00Z", + "target_end": "2025-03-23T17:39:33Z", + "target_start": "2025-03-22T17:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -3387,8 +3387,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-03-30T00:00:00Z", - "target_start": "2021-03-21T00:00:00Z", + "target_end": "2025-02-28T16:39:33Z", + "target_start": "2025-02-19T16:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -3416,8 +3416,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-12-04T00:00:00Z", - "target_start": "2021-12-04T00:00:00Z", + "target_end": "2025-11-04T16:39:33Z", + "target_start": "2025-11-04T16:39:33Z", "test_type": 12, "title": null, "updated": "2021-12-05T12:52:37.052385054Z", @@ -3445,8 +3445,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-12-04T00:00:00Z", - "target_start": "2021-12-04T00:00:00Z", + "target_end": "2025-11-04T16:39:33Z", + "target_start": "2025-11-04T16:39:33Z", "test_type": 12, "title": null, "updated": "2021-12-05T12:54:31.628385054Z", @@ -3474,8 +3474,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2022-02-24T00:00:00Z", - "target_start": "2022-02-19T00:00:00Z", + "target_end": "2026-01-25T16:39:33Z", + "target_start": "2026-01-20T16:39:33Z", "test_type": 21, "title": null, "updated": "2021-12-05T13:17:40.492385054Z", @@ -3530,8 +3530,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2022-01-27T00:00:00Z", - "target_start": "2022-01-20T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 1, "title": null, "updated": "2021-12-05T13:34:15.590385054Z", @@ -3559,8 +3559,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2022-01-27T00:00:00Z", - "target_start": "2022-01-20T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 19, "title": null, "updated": "2021-12-05T13:34:29.899385054Z", @@ -3588,8 +3588,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2022-01-27T00:00:00Z", - "target_start": "2022-01-20T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 17, "title": null, "updated": "2021-12-05T13:34:48.200385054Z", @@ -3617,8 +3617,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2022-01-27T00:00:00Z", - "target_start": "2022-01-20T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 11, "title": null, "updated": "2021-12-05T13:35:08.304385054Z", @@ -3646,8 +3646,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 17, "title": null, "updated": "2021-12-06T10:35:42.303385054Z", @@ -3675,8 +3675,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 28, "title": null, "updated": "2021-12-06T10:37:12.939385054Z", @@ -3704,8 +3704,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 9, "title": null, "updated": "2021-12-06T10:38:24.006385054Z", @@ -3733,8 +3733,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2021-12-12T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-12T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 29, "title": null, "updated": "2021-12-06T10:45:30.478385054Z", @@ -3762,8 +3762,8 @@ "percent_complete": null, "scan_type": null, "tags": [], - "target_end": "2021-12-12T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-12T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 3, "title": null, "updated": "2021-12-06T10:45:41.988385054Z", @@ -3791,8 +3791,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 30, "title": null, "updated": "2021-12-06T10:58:24.523385054Z", @@ -3820,8 +3820,8 @@ "percent_complete": 100, "scan_type": null, "tags": [], - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 9, "title": null, "updated": "2021-12-06T14:34:11.974385054Z", @@ -3842,7 +3842,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -3901,7 +3901,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -3933,7 +3933,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -3992,7 +3992,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4024,7 +4024,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -4083,7 +4083,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4115,7 +4115,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -4174,7 +4174,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4206,7 +4206,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -4265,7 +4265,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4297,7 +4297,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 1, - "date": "2021-04-20", + "date": "2025-03-21", "defect_review_requested_by": [ "product_manager" ], @@ -4356,7 +4356,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-20", + "sla_expiration_date": "2025-04-20", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4388,9 +4388,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4445,7 +4445,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4477,9 +4477,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4534,7 +4534,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4566,9 +4566,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 829, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4623,7 +4623,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4655,9 +4655,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4712,7 +4712,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4744,9 +4744,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4801,7 +4801,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4833,9 +4833,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4890,7 +4890,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -4922,9 +4922,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -4979,7 +4979,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5011,9 +5011,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5068,7 +5068,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5100,9 +5100,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5157,7 +5157,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5189,9 +5189,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5246,7 +5246,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5278,9 +5278,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5335,7 +5335,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5367,9 +5367,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5424,7 +5424,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5456,9 +5456,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5513,7 +5513,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5545,9 +5545,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 329, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5602,7 +5602,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5634,9 +5634,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 182, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5691,7 +5691,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5723,9 +5723,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 646, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5780,7 +5780,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5812,9 +5812,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5869,7 +5869,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5901,9 +5901,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -5958,7 +5958,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -5990,9 +5990,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6047,7 +6047,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6079,9 +6079,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6136,7 +6136,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6168,9 +6168,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 501, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6225,7 +6225,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6257,9 +6257,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6314,7 +6314,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6346,9 +6346,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6403,7 +6403,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6435,9 +6435,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6492,7 +6492,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6524,9 +6524,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6581,7 +6581,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6613,9 +6613,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6670,7 +6670,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6702,9 +6702,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6759,7 +6759,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6791,9 +6791,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6848,7 +6848,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6880,9 +6880,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -6937,7 +6937,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -6969,9 +6969,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7026,7 +7026,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7058,9 +7058,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7115,7 +7115,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7147,9 +7147,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7204,7 +7204,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7236,9 +7236,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7293,7 +7293,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7325,9 +7325,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7382,7 +7382,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7414,9 +7414,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7471,7 +7471,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7503,9 +7503,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7560,7 +7560,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7592,9 +7592,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7649,7 +7649,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7681,9 +7681,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7738,7 +7738,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7770,9 +7770,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7827,7 +7827,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7859,9 +7859,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -7916,7 +7916,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -7948,9 +7948,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 315, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8005,7 +8005,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8037,9 +8037,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8094,7 +8094,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8126,9 +8126,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8183,7 +8183,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8215,9 +8215,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8272,7 +8272,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8304,9 +8304,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8361,7 +8361,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8393,9 +8393,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8450,7 +8450,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8482,9 +8482,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8539,7 +8539,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8571,9 +8571,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8628,7 +8628,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8660,9 +8660,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 384, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8717,7 +8717,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8749,9 +8749,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8806,7 +8806,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8838,9 +8838,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8895,7 +8895,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -8927,9 +8927,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -8984,7 +8984,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9016,9 +9016,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9073,7 +9073,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9105,9 +9105,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9162,7 +9162,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9194,9 +9194,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9251,7 +9251,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9283,9 +9283,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9340,7 +9340,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9372,9 +9372,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9429,7 +9429,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9461,9 +9461,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9518,7 +9518,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9550,9 +9550,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9607,7 +9607,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9639,9 +9639,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9696,7 +9696,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9728,9 +9728,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9785,7 +9785,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9817,9 +9817,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9874,7 +9874,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9906,9 +9906,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 362, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\u003ctd align=\\\"right\\\"\u003e\" + nf.format(pricetopay) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -9963,7 +9963,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -9995,9 +9995,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10052,7 +10052,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10084,9 +10084,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10141,7 +10141,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10173,9 +10173,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10230,7 +10230,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10262,9 +10262,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10319,7 +10319,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10351,9 +10351,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10408,7 +10408,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10440,9 +10440,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10497,7 +10497,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10529,9 +10529,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10586,7 +10586,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10618,9 +10618,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10675,7 +10675,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10707,9 +10707,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10764,7 +10764,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10796,9 +10796,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 601, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10853,7 +10853,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10885,9 +10885,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -10942,7 +10942,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -10974,9 +10974,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11031,7 +11031,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11063,9 +11063,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11120,7 +11120,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11152,9 +11152,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 829, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11209,7 +11209,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11241,9 +11241,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\u003cscript\u003ealert(\\\"xss\\\")\u003c/script\u003e\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** \u003cb\u003eYou searched for:\u003c/b\u003e \u003c%= query %\u003e\u003cbr/\u003e\u003cbr/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11298,7 +11298,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11330,9 +11330,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11387,7 +11387,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11419,9 +11419,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11476,7 +11476,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11508,9 +11508,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 321, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11565,7 +11565,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11597,9 +11597,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11654,7 +11654,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11686,9 +11686,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11743,7 +11743,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11775,9 +11775,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11832,7 +11832,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11864,9 +11864,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -11921,7 +11921,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -11953,9 +11953,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12010,7 +12010,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12042,9 +12042,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12099,7 +12099,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12131,9 +12131,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12188,7 +12188,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12220,9 +12220,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12277,7 +12277,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12309,9 +12309,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12366,7 +12366,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12398,9 +12398,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12455,7 +12455,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12487,9 +12487,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 321, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12544,7 +12544,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12576,9 +12576,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12633,7 +12633,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12665,9 +12665,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12722,7 +12722,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12754,9 +12754,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12811,7 +12811,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12843,9 +12843,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12900,7 +12900,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -12932,9 +12932,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -12989,7 +12989,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13021,9 +13021,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13078,7 +13078,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13110,9 +13110,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13167,7 +13167,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13199,9 +13199,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13256,7 +13256,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13288,9 +13288,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13345,7 +13345,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13377,9 +13377,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13434,7 +13434,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13466,9 +13466,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13523,7 +13523,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13555,9 +13555,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 567, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13612,7 +13612,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13644,9 +13644,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13701,7 +13701,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13733,9 +13733,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13790,7 +13790,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13822,9 +13822,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13879,7 +13879,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -13911,9 +13911,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 384, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -13968,7 +13968,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14000,9 +14000,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14057,7 +14057,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14089,9 +14089,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14146,7 +14146,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14178,9 +14178,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14235,7 +14235,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14267,9 +14267,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14324,7 +14324,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14356,9 +14356,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14413,7 +14413,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14445,9 +14445,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14502,7 +14502,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14534,9 +14534,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14591,7 +14591,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14623,9 +14623,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14680,7 +14680,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14712,9 +14712,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14769,7 +14769,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14801,9 +14801,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14858,7 +14858,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14890,9 +14890,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -14947,7 +14947,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -14979,9 +14979,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15036,7 +15036,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15068,9 +15068,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15125,7 +15125,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15157,9 +15157,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15214,7 +15214,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15246,9 +15246,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 362, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\u003c/td\u003e\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15303,7 +15303,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15335,9 +15335,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15392,7 +15392,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15424,9 +15424,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15481,7 +15481,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15513,9 +15513,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15570,7 +15570,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15602,9 +15602,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15659,7 +15659,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15691,9 +15691,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15748,7 +15748,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15780,9 +15780,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15837,7 +15837,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15869,9 +15869,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 352, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -15926,7 +15926,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -15958,9 +15958,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16015,7 +16015,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16047,9 +16047,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16104,7 +16104,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16136,9 +16136,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16193,7 +16193,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16225,9 +16225,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16282,7 +16282,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16314,9 +16314,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 829, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16371,7 +16371,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16403,9 +16403,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16460,7 +16460,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16492,9 +16492,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16549,7 +16549,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16581,9 +16581,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16638,7 +16638,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16670,9 +16670,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16727,7 +16727,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16759,9 +16759,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16816,7 +16816,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16848,9 +16848,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16905,7 +16905,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -16937,9 +16937,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -16994,7 +16994,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17026,9 +17026,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17083,7 +17083,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17115,9 +17115,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17172,7 +17172,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17204,9 +17204,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17261,7 +17261,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17293,9 +17293,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 329, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17350,7 +17350,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17382,9 +17382,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 182, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17439,7 +17439,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17471,9 +17471,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 646, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17528,7 +17528,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17560,9 +17560,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17617,7 +17617,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17649,9 +17649,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17706,7 +17706,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17738,9 +17738,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17795,7 +17795,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17827,9 +17827,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17884,7 +17884,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -17916,9 +17916,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 501, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -17973,7 +17973,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18005,9 +18005,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18062,7 +18062,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18094,9 +18094,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18151,7 +18151,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18183,9 +18183,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18240,7 +18240,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18272,9 +18272,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18329,7 +18329,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18361,9 +18361,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18418,7 +18418,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18450,9 +18450,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18507,7 +18507,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18539,9 +18539,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18596,7 +18596,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18628,9 +18628,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18685,7 +18685,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18717,9 +18717,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18774,7 +18774,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18806,9 +18806,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18863,7 +18863,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18895,9 +18895,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -18952,7 +18952,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -18984,9 +18984,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19041,7 +19041,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19073,9 +19073,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19130,7 +19130,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19162,9 +19162,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19219,7 +19219,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19251,9 +19251,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19308,7 +19308,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19340,9 +19340,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19397,7 +19397,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19429,9 +19429,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19486,7 +19486,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19518,9 +19518,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19575,7 +19575,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19607,9 +19607,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19664,7 +19664,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19696,9 +19696,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 315, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19753,7 +19753,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19785,9 +19785,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19842,7 +19842,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19874,9 +19874,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -19931,7 +19931,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -19963,9 +19963,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20020,7 +20020,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20052,9 +20052,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20109,7 +20109,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20141,9 +20141,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20198,7 +20198,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20230,9 +20230,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20287,7 +20287,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20319,9 +20319,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20376,7 +20376,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20408,9 +20408,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 384, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20465,7 +20465,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20497,9 +20497,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20554,7 +20554,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20586,9 +20586,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20643,7 +20643,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20675,9 +20675,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20732,7 +20732,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20764,9 +20764,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20821,7 +20821,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20853,9 +20853,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20910,7 +20910,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -20942,9 +20942,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -20999,7 +20999,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21031,9 +21031,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21088,7 +21088,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21120,9 +21120,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21177,7 +21177,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21209,9 +21209,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21266,7 +21266,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21298,9 +21298,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21355,7 +21355,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21387,9 +21387,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21444,7 +21444,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21476,9 +21476,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21533,7 +21533,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21565,9 +21565,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21622,7 +21622,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21654,9 +21654,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 362, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\u003ctd align=\\\"right\\\"\u003e\" + nf.format(pricetopay) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21711,7 +21711,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21743,9 +21743,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21800,7 +21800,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21832,9 +21832,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21889,7 +21889,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -21921,9 +21921,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -21978,7 +21978,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22010,9 +22010,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22067,7 +22067,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22099,9 +22099,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22156,7 +22156,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22188,9 +22188,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22245,7 +22245,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22277,9 +22277,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22334,7 +22334,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22366,9 +22366,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22423,7 +22423,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22455,9 +22455,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22512,7 +22512,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22544,9 +22544,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 601, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22601,7 +22601,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22633,9 +22633,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22690,7 +22690,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22722,9 +22722,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22779,7 +22779,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22811,9 +22811,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22868,7 +22868,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22900,9 +22900,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 829, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -22957,7 +22957,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -22989,9 +22989,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\u003cscript\u003ealert(\\\"xss\\\")\u003c/script\u003e\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** \u003cb\u003eYou searched for:\u003c/b\u003e \u003c%= query %\u003e\u003cbr/\u003e\u003cbr/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23046,7 +23046,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23078,9 +23078,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23135,7 +23135,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23167,9 +23167,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23224,7 +23224,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23256,9 +23256,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 321, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23313,7 +23313,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23345,9 +23345,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23402,7 +23402,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23434,9 +23434,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23491,7 +23491,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23523,9 +23523,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23580,7 +23580,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23612,9 +23612,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23669,7 +23669,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23701,9 +23701,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23758,7 +23758,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23790,9 +23790,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23847,7 +23847,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23879,9 +23879,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -23936,7 +23936,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -23968,9 +23968,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24025,7 +24025,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24057,9 +24057,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24114,7 +24114,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24146,9 +24146,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24203,7 +24203,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24235,9 +24235,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 321, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24292,7 +24292,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24324,9 +24324,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24381,7 +24381,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24413,9 +24413,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24470,7 +24470,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24502,9 +24502,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24559,7 +24559,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24591,9 +24591,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24648,7 +24648,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24680,9 +24680,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24737,7 +24737,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24769,9 +24769,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24826,7 +24826,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24858,9 +24858,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -24915,7 +24915,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -24947,9 +24947,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25004,7 +25004,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25036,9 +25036,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25093,7 +25093,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25125,9 +25125,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25182,7 +25182,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25214,9 +25214,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25271,7 +25271,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25303,9 +25303,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 567, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25360,7 +25360,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25392,9 +25392,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25449,7 +25449,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25481,9 +25481,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25538,7 +25538,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25570,9 +25570,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25627,7 +25627,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25659,9 +25659,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 384, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25716,7 +25716,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25748,9 +25748,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25805,7 +25805,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25837,9 +25837,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25894,7 +25894,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -25926,9 +25926,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -25983,7 +25983,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26015,9 +26015,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26072,7 +26072,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26104,9 +26104,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26161,7 +26161,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26193,9 +26193,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26250,7 +26250,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26282,9 +26282,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26339,7 +26339,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26371,9 +26371,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26428,7 +26428,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26460,9 +26460,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26517,7 +26517,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26549,9 +26549,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26606,7 +26606,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26638,9 +26638,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26695,7 +26695,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26727,9 +26727,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26784,7 +26784,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26816,9 +26816,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26873,7 +26873,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26905,9 +26905,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -26962,7 +26962,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -26994,9 +26994,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 362, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\u003c/td\u003e\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27051,7 +27051,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27083,9 +27083,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27140,7 +27140,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27172,9 +27172,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27229,7 +27229,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27261,9 +27261,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27318,7 +27318,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27350,9 +27350,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27407,7 +27407,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27439,9 +27439,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27496,7 +27496,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27528,9 +27528,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27585,7 +27585,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27617,9 +27617,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 352, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27674,7 +27674,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27706,9 +27706,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27763,7 +27763,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27795,9 +27795,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27852,7 +27852,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27884,9 +27884,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -27941,7 +27941,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -27973,9 +27973,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -28030,7 +28030,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -28062,9 +28062,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -28119,7 +28119,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -28151,9 +28151,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -28208,7 +28208,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -28240,9 +28240,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -28297,7 +28297,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -28329,9 +28329,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -28386,7 +28386,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -28418,9 +28418,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -28475,7 +28475,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -28507,7 +28507,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "asdf", "duplicate": false, @@ -28594,7 +28594,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 1035, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", "duplicate": false, @@ -28651,7 +28651,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -28683,7 +28683,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 1035, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", "duplicate": false, @@ -28740,7 +28740,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -28772,7 +28772,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", "duplicate": false, @@ -28861,7 +28861,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", "duplicate": false, @@ -28918,7 +28918,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -28950,7 +28950,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", "duplicate": false, @@ -29007,7 +29007,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -29039,7 +29039,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", "duplicate": false, @@ -29128,7 +29128,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", "duplicate": false, @@ -29217,7 +29217,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", "duplicate": false, @@ -29306,7 +29306,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", "duplicate": false, @@ -29363,7 +29363,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -29395,7 +29395,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", "duplicate": false, @@ -29484,7 +29484,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", "duplicate": false, @@ -29573,7 +29573,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", "duplicate": false, @@ -29662,7 +29662,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", "duplicate": false, @@ -29719,7 +29719,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -29751,7 +29751,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", "duplicate": false, @@ -29840,7 +29840,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", "duplicate": false, @@ -29929,7 +29929,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", "duplicate": false, @@ -29986,7 +29986,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -30018,7 +30018,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", "duplicate": false, @@ -30107,7 +30107,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", "duplicate": false, @@ -30196,7 +30196,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", "duplicate": false, @@ -30285,7 +30285,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n", "duplicate": false, @@ -30374,7 +30374,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", "duplicate": false, @@ -30431,7 +30431,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -30463,7 +30463,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", "duplicate": false, @@ -30552,9 +30552,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto \u003cscript\u003ealert(1)\u003c/script\u003enwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 \u003cscript\u003ealert(1)\u003c/script\u003ejledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": true, @@ -30583,7 +30583,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", "nb_occurences": null, "notes": [], "numerical_severity": "S1", @@ -30609,7 +30609,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -30641,7 +30641,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/\n\n\n", "duplicate": false, @@ -30698,7 +30698,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -30730,7 +30730,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", "duplicate": false, @@ -30787,7 +30787,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -30819,7 +30819,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", "duplicate": false, @@ -30908,7 +30908,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", "duplicate": false, @@ -30997,7 +30997,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", "duplicate": false, @@ -31054,7 +31054,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -31086,7 +31086,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", "duplicate": false, @@ -31117,7 +31117,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\u003c!doctype html\u003e\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", "nb_occurences": null, "notes": [], "numerical_severity": "S4", @@ -31175,7 +31175,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", "duplicate": false, @@ -31232,7 +31232,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -31264,7 +31264,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", "duplicate": false, @@ -31321,7 +31321,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31353,7 +31353,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", "duplicate": false, @@ -31410,7 +31410,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31442,7 +31442,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -31499,7 +31499,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31531,7 +31531,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -31588,7 +31588,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31620,7 +31620,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", "duplicate": false, @@ -31643,7 +31643,7 @@ "is_mitigated": false, "kev_date": null, "known_exploited": false, - "last_reviewed": "2021-12-06T07:07:19Z", + "last_reviewed": "2025-11-06T23:46:52Z", "last_reviewed_by": [ "admin" ], @@ -31677,7 +31677,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31709,7 +31709,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -31766,7 +31766,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31798,7 +31798,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -31855,7 +31855,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31887,7 +31887,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -31944,7 +31944,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -31976,7 +31976,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -32033,7 +32033,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32065,7 +32065,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -32122,7 +32122,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32154,7 +32154,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", "duplicate": false, @@ -32211,7 +32211,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32243,7 +32243,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", "duplicate": false, @@ -32300,7 +32300,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32332,7 +32332,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", "duplicate": false, @@ -32389,7 +32389,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32421,7 +32421,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", "duplicate": false, @@ -32478,7 +32478,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32510,7 +32510,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", "duplicate": false, @@ -32567,7 +32567,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32599,7 +32599,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", "duplicate": false, @@ -32656,7 +32656,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32688,9 +32688,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(\u0026version)\n", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -32745,7 +32745,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32777,7 +32777,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", "duplicate": false, @@ -32834,7 +32834,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32866,7 +32866,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -32923,7 +32923,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -32955,7 +32955,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -33012,7 +33012,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33044,7 +33044,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -33101,7 +33101,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33133,7 +33133,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", "duplicate": false, @@ -33190,7 +33190,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33222,7 +33222,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -33279,7 +33279,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33311,7 +33311,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", "duplicate": false, @@ -33368,7 +33368,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33400,7 +33400,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -33457,7 +33457,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33489,7 +33489,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -33546,7 +33546,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33578,7 +33578,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", "duplicate": false, @@ -33635,7 +33635,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33667,7 +33667,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", "duplicate": false, @@ -33724,7 +33724,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -33756,7 +33756,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", "duplicate": false, @@ -33813,7 +33813,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -33845,7 +33845,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", "duplicate": false, @@ -33934,9 +33934,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto \u003cscript\u003ealert(1)\u003c/script\u003enwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 \u003cscript\u003ealert(1)\u003c/script\u003ejledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": true, @@ -33965,7 +33965,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", "nb_occurences": null, "notes": [], "numerical_severity": "S1", @@ -33991,7 +33991,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -34023,7 +34023,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/\n\n\n", "duplicate": false, @@ -34080,7 +34080,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -34112,7 +34112,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", "duplicate": false, @@ -34169,7 +34169,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -34201,7 +34201,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", "duplicate": false, @@ -34290,7 +34290,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", "duplicate": false, @@ -34379,7 +34379,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", "duplicate": false, @@ -34436,7 +34436,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -34468,7 +34468,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", "duplicate": false, @@ -34499,7 +34499,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\u003c!doctype html\u003e\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", "nb_occurences": null, "notes": [], "numerical_severity": "S4", @@ -34557,7 +34557,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", "duplicate": false, @@ -34614,7 +34614,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -34636,7 +34636,7 @@ }, { "fields": { - "date": "2021-04-09", + "date": "2025-03-10", "description": "test stub finding", "reporter": [ "admin" @@ -34650,7 +34650,7 @@ }, { "fields": { - "date": "2021-04-09", + "date": "2025-03-10", "description": "test stub finding", "reporter": [ "admin" @@ -34664,7 +34664,7 @@ }, { "fields": { - "date": "2021-04-09", + "date": "2025-03-10", "description": "test stub finding", "reporter": [ "admin" @@ -44666,8 +44666,8 @@ }, { "fields": { - "created": "2018-07-18T19:31:16Z", - "modified": "2018-07-18T19:31:16Z", + "created": "2022-06-19T12:10:49Z", + "modified": "2022-06-19T12:10:49Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44681,8 +44681,8 @@ }, { "fields": { - "created": "2018-07-18T19:31:30Z", - "modified": "2018-07-18T19:31:30Z", + "created": "2022-06-19T12:11:03Z", + "modified": "2022-06-19T12:11:03Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44696,8 +44696,8 @@ }, { "fields": { - "created": "2018-07-18T19:31:45Z", - "modified": "2018-07-18T19:31:45Z", + "created": "2022-06-19T12:11:18Z", + "modified": "2022-06-19T12:11:18Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44711,8 +44711,8 @@ }, { "fields": { - "created": "2018-07-18T19:52:57Z", - "modified": "2018-07-18T19:52:57Z", + "created": "2022-06-19T12:32:30Z", + "modified": "2022-06-19T12:32:30Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44726,8 +44726,8 @@ }, { "fields": { - "created": "2018-07-18T19:53:37Z", - "modified": "2018-07-18T19:53:37Z", + "created": "2022-06-19T12:33:10Z", + "modified": "2022-06-19T12:33:10Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44741,8 +44741,8 @@ }, { "fields": { - "created": "2018-07-18T19:54:20Z", - "modified": "2018-07-18T19:54:20Z", + "created": "2022-06-19T12:33:53Z", + "modified": "2022-06-19T12:33:53Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44756,8 +44756,8 @@ }, { "fields": { - "created": "2018-07-18T19:54:34Z", - "modified": "2018-07-18T19:54:34Z", + "created": "2022-06-19T12:34:07Z", + "modified": "2022-06-19T12:34:07Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44771,8 +44771,8 @@ }, { "fields": { - "created": "2018-07-18T19:54:48Z", - "modified": "2018-07-18T19:54:48Z", + "created": "2022-06-19T12:34:21Z", + "modified": "2022-06-19T12:34:21Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44786,8 +44786,8 @@ }, { "fields": { - "created": "2018-07-18T19:55:00Z", - "modified": "2018-07-18T19:55:00Z", + "created": "2022-06-19T12:34:33Z", + "modified": "2022-06-19T12:34:33Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44801,8 +44801,8 @@ }, { "fields": { - "created": "2018-07-18T19:55:20Z", - "modified": "2018-07-18T19:55:20Z", + "created": "2022-06-19T12:34:53Z", + "modified": "2022-06-19T12:34:53Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44816,8 +44816,8 @@ }, { "fields": { - "created": "2018-07-18T19:56:24Z", - "modified": "2018-07-18T19:56:24Z", + "created": "2022-06-19T12:35:57Z", + "modified": "2022-06-19T12:35:57Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44831,8 +44831,8 @@ }, { "fields": { - "created": "2018-07-18T19:57:22Z", - "modified": "2018-07-18T19:57:22Z", + "created": "2022-06-19T12:36:55Z", + "modified": "2022-06-19T12:36:55Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44846,8 +44846,8 @@ }, { "fields": { - "created": "2018-07-18T19:57:34Z", - "modified": "2018-07-18T19:57:34Z", + "created": "2022-06-19T12:37:07Z", + "modified": "2022-06-19T12:37:07Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44861,8 +44861,8 @@ }, { "fields": { - "created": "2018-07-18T19:57:55Z", - "modified": "2018-07-18T19:57:55Z", + "created": "2022-06-19T12:37:28Z", + "modified": "2022-06-19T12:37:28Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44876,8 +44876,8 @@ }, { "fields": { - "created": "2018-07-18T19:58:36Z", - "modified": "2018-07-18T19:58:36Z", + "created": "2022-06-19T12:38:09Z", + "modified": "2022-06-19T12:38:09Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44891,8 +44891,8 @@ }, { "fields": { - "created": "2018-07-18T20:00:35Z", - "modified": "2018-07-18T20:00:35Z", + "created": "2022-06-19T12:40:08Z", + "modified": "2022-06-19T12:40:08Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44906,8 +44906,8 @@ }, { "fields": { - "created": "2018-07-18T20:00:46Z", - "modified": "2018-07-18T20:00:46Z", + "created": "2022-06-19T12:40:19Z", + "modified": "2022-06-19T12:40:19Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44921,8 +44921,8 @@ }, { "fields": { - "created": "2018-07-18T20:00:58Z", - "modified": "2018-07-18T20:00:58Z", + "created": "2022-06-19T12:40:31Z", + "modified": "2022-06-19T12:40:31Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44936,8 +44936,8 @@ }, { "fields": { - "created": "2018-07-18T20:02:18Z", - "modified": "2018-07-18T20:02:18Z", + "created": "2022-06-19T12:41:51Z", + "modified": "2022-06-19T12:41:51Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44951,8 +44951,8 @@ }, { "fields": { - "created": "2018-07-18T20:02:32Z", - "modified": "2018-07-18T20:02:32Z", + "created": "2022-06-19T12:42:05Z", + "modified": "2022-06-19T12:42:05Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44966,23 +44966,23 @@ }, { "fields": { - "created": "2018-07-18T20:02:46Z", - "modified": "2018-07-18T20:02:46Z", + "created": "2022-06-19T12:42:19Z", + "modified": "2022-06-19T12:42:19Z", "optional": false, "order": 1, "polymorphic_ctype": [ "dojo", "benchmark_category" ], - "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -\u003e private cloud, public internet -\u003e public cloud, etc." + "text": "When does information cross a privacy boundary within your application flow? For instance public cloud -> private cloud, public internet -> public cloud, etc." }, "model": "dojo.question", "pk": 23 }, { "fields": { - "created": "2018-07-18T20:02:57Z", - "modified": "2018-07-18T20:02:57Z", + "created": "2022-06-19T12:42:30Z", + "modified": "2022-06-19T12:42:30Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -44996,8 +44996,8 @@ }, { "fields": { - "created": "2018-07-18T20:04:46Z", - "modified": "2018-07-18T20:04:46Z", + "created": "2022-06-19T12:44:19Z", + "modified": "2022-06-19T12:44:19Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45011,8 +45011,8 @@ }, { "fields": { - "created": "2018-07-18T20:05:10Z", - "modified": "2018-07-18T20:05:10Z", + "created": "2022-06-19T12:44:43Z", + "modified": "2022-06-19T12:44:43Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45026,8 +45026,8 @@ }, { "fields": { - "created": "2018-07-18T20:05:22Z", - "modified": "2018-07-18T20:05:22Z", + "created": "2022-06-19T12:44:55Z", + "modified": "2022-06-19T12:44:55Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45041,8 +45041,8 @@ }, { "fields": { - "created": "2018-07-18T20:05:32Z", - "modified": "2018-07-18T20:05:32Z", + "created": "2022-06-19T12:45:05Z", + "modified": "2022-06-19T12:45:05Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45056,8 +45056,8 @@ }, { "fields": { - "created": "2018-07-18T20:05:43Z", - "modified": "2018-07-18T20:05:43Z", + "created": "2022-06-19T12:45:16Z", + "modified": "2022-06-19T12:45:16Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45071,8 +45071,8 @@ }, { "fields": { - "created": "2018-07-18T20:05:57Z", - "modified": "2018-07-18T20:05:57Z", + "created": "2022-06-19T12:45:30Z", + "modified": "2022-06-19T12:45:30Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45086,8 +45086,8 @@ }, { "fields": { - "created": "2018-07-18T20:06:15Z", - "modified": "2018-07-18T20:06:15Z", + "created": "2022-06-19T12:45:48Z", + "modified": "2022-06-19T12:45:48Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45101,8 +45101,8 @@ }, { "fields": { - "created": "2018-07-18T20:08:08Z", - "modified": "2018-07-18T20:08:08Z", + "created": "2022-06-19T12:47:41Z", + "modified": "2022-06-19T12:47:41Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45116,8 +45116,8 @@ }, { "fields": { - "created": "2018-07-18T20:08:19Z", - "modified": "2018-07-18T20:08:19Z", + "created": "2022-06-19T12:47:52Z", + "modified": "2022-06-19T12:47:52Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45131,8 +45131,8 @@ }, { "fields": { - "created": "2018-07-18T20:08:30Z", - "modified": "2018-07-18T20:08:30Z", + "created": "2022-06-19T12:48:03Z", + "modified": "2022-06-19T12:48:03Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45146,8 +45146,8 @@ }, { "fields": { - "created": "2018-07-18T20:08:43Z", - "modified": "2018-07-18T20:08:43Z", + "created": "2022-06-19T12:48:16Z", + "modified": "2022-06-19T12:48:16Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45161,8 +45161,8 @@ }, { "fields": { - "created": "2018-07-18T20:08:54Z", - "modified": "2018-07-18T20:08:54Z", + "created": "2022-06-19T12:48:27Z", + "modified": "2022-06-19T12:48:27Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45176,8 +45176,8 @@ }, { "fields": { - "created": "2018-07-18T20:10:15Z", - "modified": "2018-07-18T20:10:15Z", + "created": "2022-06-19T12:49:48Z", + "modified": "2022-06-19T12:49:48Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45191,8 +45191,8 @@ }, { "fields": { - "created": "2018-07-18T20:10:30Z", - "modified": "2018-07-18T20:10:30Z", + "created": "2022-06-19T12:50:03Z", + "modified": "2022-06-19T12:50:03Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45206,8 +45206,8 @@ }, { "fields": { - "created": "2018-07-18T20:10:42Z", - "modified": "2018-07-18T20:10:42Z", + "created": "2022-06-19T12:50:15Z", + "modified": "2022-06-19T12:50:15Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45221,8 +45221,8 @@ }, { "fields": { - "created": "2018-07-18T20:10:52Z", - "modified": "2018-07-18T20:10:52Z", + "created": "2022-06-19T12:50:25Z", + "modified": "2022-06-19T12:50:25Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45236,8 +45236,8 @@ }, { "fields": { - "created": "2018-07-18T20:11:04Z", - "modified": "2018-07-18T20:11:04Z", + "created": "2022-06-19T12:50:37Z", + "modified": "2022-06-19T12:50:37Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45251,8 +45251,8 @@ }, { "fields": { - "created": "2018-07-18T20:11:17Z", - "modified": "2018-07-18T20:11:17Z", + "created": "2022-06-19T12:50:50Z", + "modified": "2022-06-19T12:50:50Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -45266,8 +45266,8 @@ }, { "fields": { - "created": "2018-07-18T20:11:30Z", - "modified": "2018-07-18T20:11:30Z", + "created": "2022-06-19T12:51:03Z", + "modified": "2022-06-19T12:51:03Z", "optional": false, "order": 1, "polymorphic_ctype": [ @@ -46438,7 +46438,7 @@ }, { "fields": { - "date_joined": "2021-08-01T07:59:51Z", + "date_joined": "2025-07-03T00:39:24Z", "email": "", "first_name": "", "id": 2, @@ -47237,8 +47237,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "In Progress", - "target_end": "2021-07-31", - "target_start": "2021-07-31", + "target_end": "2025-07-01", + "target_start": "2025-07-01", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -47284,8 +47284,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "Completed", - "target_end": "2021-07-31", - "target_start": "2021-07-31", + "target_end": "2025-07-01", + "target_start": "2025-07-01", "test_strategy": "", "threat_model": true, "tmodel_path": "none", @@ -47331,8 +47331,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "Completed", - "target_end": "2021-07-23", - "target_start": "2021-07-22", + "target_end": "2025-06-23", + "target_start": "2025-06-22", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -47378,8 +47378,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "Completed", - "target_end": "2021-12-11", - "target_start": "2021-12-04", + "target_end": "2025-11-11", + "target_start": "2025-11-04", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -47425,8 +47425,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "Not Started", - "target_end": "2022-02-26", - "target_start": "2022-02-19", + "target_end": "2026-01-27", + "target_start": "2026-01-20", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -47470,8 +47470,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "", - "target_end": "2021-12-04", - "target_start": "2021-12-04", + "target_end": "2025-11-04", + "target_start": "2025-11-04", "test_strategy": null, "threat_model": true, "tmodel_path": "none", @@ -47517,8 +47517,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "Not Started", - "target_end": "2022-01-27", - "target_start": "2022-01-20", + "target_end": "2025-12-28", + "target_start": "2025-12-21", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -47564,8 +47564,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "Completed", - "target_end": "2021-12-05", - "target_start": "2021-12-05", + "target_end": "2025-11-05", + "target_start": "2025-11-05", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -47611,8 +47611,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "Blocked", - "target_end": "2022-02-02", - "target_start": "2022-01-30", + "target_end": "2026-01-03", + "target_start": "2025-12-31", "test_strategy": "", "threat_model": false, "tmodel_path": "none", @@ -47658,8 +47658,8 @@ "source_code_management_server": null, "source_code_management_uri": "https://github.com/psiinon/bodgeit", "status": "Completed", - "target_end": "2021-12-12", - "target_start": "2021-12-05", + "target_end": "2025-11-12", + "target_start": "2025-11-05", "test_strategy": null, "threat_model": false, "tmodel_path": "none", @@ -47703,8 +47703,8 @@ "source_code_management_server": null, "source_code_management_uri": null, "status": "In Progress", - "target_end": "2021-12-05", - "target_start": "2021-12-05", + "target_end": "2025-11-05", + "target_start": "2025-11-05", "test_strategy": null, "threat_model": false, "tmodel_path": "none", @@ -47727,7 +47727,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -47784,7 +47784,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -47815,7 +47815,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -47872,7 +47872,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -47903,7 +47903,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -47960,7 +47960,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -47991,7 +47991,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -48048,7 +48048,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48079,7 +48079,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-04-21", + "date": "2025-03-22", "defect_review_requested_by": [ "admin" ], @@ -48136,7 +48136,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-21", + "sla_expiration_date": "2025-04-21", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48167,7 +48167,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 1, - "date": "2021-04-20", + "date": "2025-03-21", "defect_review_requested_by": [ "product_manager" ], @@ -48224,7 +48224,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2021-05-20", + "sla_expiration_date": "2025-04-20", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48255,9 +48255,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48310,7 +48310,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48341,9 +48341,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48396,7 +48396,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48427,9 +48427,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 829, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48482,7 +48482,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48513,9 +48513,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48568,7 +48568,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48599,9 +48599,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48654,7 +48654,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48685,9 +48685,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48740,7 +48740,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48771,9 +48771,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48826,7 +48826,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48857,9 +48857,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48912,7 +48912,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -48943,9 +48943,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -48998,7 +48998,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49029,9 +49029,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49084,7 +49084,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49115,9 +49115,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49170,7 +49170,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49201,9 +49201,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49256,7 +49256,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49287,9 +49287,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49342,7 +49342,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49373,9 +49373,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 329, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49428,7 +49428,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49459,9 +49459,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 182, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49514,7 +49514,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49545,9 +49545,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 646, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49600,7 +49600,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49631,9 +49631,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49686,7 +49686,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49717,9 +49717,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49772,7 +49772,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49803,9 +49803,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49858,7 +49858,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49889,9 +49889,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -49944,7 +49944,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -49975,9 +49975,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 501, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50030,7 +50030,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50061,9 +50061,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50116,7 +50116,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50147,9 +50147,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50202,7 +50202,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50233,9 +50233,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50288,7 +50288,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50319,9 +50319,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50374,7 +50374,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50405,9 +50405,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50460,7 +50460,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50491,9 +50491,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50546,7 +50546,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50577,9 +50577,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50632,7 +50632,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50663,9 +50663,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50718,7 +50718,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50749,9 +50749,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50804,7 +50804,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50835,9 +50835,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50890,7 +50890,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -50921,9 +50921,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -50976,7 +50976,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51007,9 +51007,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51062,7 +51062,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51093,9 +51093,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51148,7 +51148,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51179,9 +51179,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51234,7 +51234,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51265,9 +51265,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51320,7 +51320,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51351,9 +51351,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51406,7 +51406,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51437,9 +51437,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51492,7 +51492,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51523,9 +51523,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51578,7 +51578,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51609,9 +51609,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51664,7 +51664,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51695,9 +51695,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 315, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51750,7 +51750,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51781,9 +51781,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51836,7 +51836,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51867,9 +51867,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -51922,7 +51922,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -51953,9 +51953,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52008,7 +52008,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52039,9 +52039,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52094,7 +52094,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52125,9 +52125,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52180,7 +52180,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52211,9 +52211,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52266,7 +52266,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52297,9 +52297,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52352,7 +52352,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52383,9 +52383,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 384, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52438,7 +52438,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52469,9 +52469,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52524,7 +52524,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52555,9 +52555,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52610,7 +52610,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52641,9 +52641,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52696,7 +52696,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52727,9 +52727,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52782,7 +52782,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52813,9 +52813,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52868,7 +52868,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52899,9 +52899,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -52954,7 +52954,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -52985,9 +52985,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53040,7 +53040,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53071,9 +53071,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53126,7 +53126,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53157,9 +53157,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53212,7 +53212,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53243,9 +53243,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53298,7 +53298,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53329,9 +53329,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53384,7 +53384,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53415,9 +53415,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53470,7 +53470,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53501,9 +53501,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53556,7 +53556,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53587,9 +53587,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 362, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\u003ctd align=\\\"right\\\"\u003e\" + nf.format(pricetopay) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53642,7 +53642,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53673,9 +53673,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53728,7 +53728,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53759,9 +53759,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53814,7 +53814,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53845,9 +53845,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53900,7 +53900,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -53931,9 +53931,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -53986,7 +53986,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54017,9 +54017,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54072,7 +54072,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54103,9 +54103,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54158,7 +54158,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54189,9 +54189,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54244,7 +54244,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54275,9 +54275,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54330,7 +54330,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54361,9 +54361,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54416,7 +54416,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54447,9 +54447,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 601, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54502,7 +54502,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54533,9 +54533,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54588,7 +54588,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54619,9 +54619,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54674,7 +54674,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54705,9 +54705,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54760,7 +54760,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54791,9 +54791,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 829, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54846,7 +54846,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54877,9 +54877,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\u003cscript\u003ealert(\\\"xss\\\")\u003c/script\u003e\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** \u003cb\u003eYou searched for:\u003c/b\u003e \u003c%= query %\u003e\u003cbr/\u003e\u003cbr/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -54932,7 +54932,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -54963,9 +54963,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55018,7 +55018,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55049,9 +55049,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55104,7 +55104,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55135,9 +55135,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 321, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55190,7 +55190,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55221,9 +55221,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55276,7 +55276,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55307,9 +55307,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55362,7 +55362,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55393,9 +55393,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55448,7 +55448,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55479,9 +55479,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55534,7 +55534,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55565,9 +55565,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55620,7 +55620,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55651,9 +55651,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55706,7 +55706,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55737,9 +55737,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55792,7 +55792,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55823,9 +55823,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55878,7 +55878,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55909,9 +55909,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -55964,7 +55964,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -55995,9 +55995,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56050,7 +56050,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56081,9 +56081,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 321, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56136,7 +56136,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56167,9 +56167,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56222,7 +56222,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56253,9 +56253,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56308,7 +56308,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56339,9 +56339,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56394,7 +56394,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56425,9 +56425,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56480,7 +56480,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56511,9 +56511,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56566,7 +56566,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56597,9 +56597,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56652,7 +56652,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56683,9 +56683,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56738,7 +56738,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56769,9 +56769,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56824,7 +56824,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56855,9 +56855,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56910,7 +56910,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -56941,9 +56941,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -56996,7 +56996,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57027,9 +57027,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57082,7 +57082,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57113,9 +57113,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 567, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57168,7 +57168,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57199,9 +57199,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57254,7 +57254,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57285,9 +57285,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57340,7 +57340,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57371,9 +57371,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57426,7 +57426,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57457,9 +57457,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 384, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57512,7 +57512,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57543,9 +57543,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57598,7 +57598,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57629,9 +57629,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57684,7 +57684,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57715,9 +57715,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57770,7 +57770,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57801,9 +57801,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57856,7 +57856,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57887,9 +57887,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -57942,7 +57942,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -57973,9 +57973,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58028,7 +58028,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58059,9 +58059,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58114,7 +58114,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58145,9 +58145,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58200,7 +58200,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58231,9 +58231,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58286,7 +58286,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58317,9 +58317,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58372,7 +58372,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58403,9 +58403,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58458,7 +58458,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58489,9 +58489,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58544,7 +58544,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58575,9 +58575,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58630,7 +58630,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58661,9 +58661,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58716,7 +58716,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58747,9 +58747,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 362, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\u003c/td\u003e\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58802,7 +58802,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58833,9 +58833,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58888,7 +58888,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -58919,9 +58919,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -58974,7 +58974,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59005,9 +59005,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59060,7 +59060,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59091,9 +59091,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59146,7 +59146,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59177,9 +59177,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59232,7 +59232,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59263,9 +59263,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59318,7 +59318,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59349,9 +59349,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 352, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59404,7 +59404,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59435,9 +59435,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59490,7 +59490,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59521,9 +59521,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59576,7 +59576,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59607,9 +59607,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59662,7 +59662,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59693,9 +59693,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59748,7 +59748,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59779,9 +59779,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 829, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59834,7 +59834,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59865,9 +59865,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -59920,7 +59920,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -59951,9 +59951,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60006,7 +60006,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60037,9 +60037,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60092,7 +60092,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60123,9 +60123,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60178,7 +60178,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60209,9 +60209,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60264,7 +60264,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60295,9 +60295,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60350,7 +60350,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60381,9 +60381,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", + "description": "**Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60436,7 +60436,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60467,9 +60467,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60522,7 +60522,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60553,9 +60553,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60608,7 +60608,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60639,9 +60639,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60694,7 +60694,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60725,9 +60725,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 329, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60780,7 +60780,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60811,9 +60811,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 182, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60866,7 +60866,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60897,9 +60897,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 646, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -60952,7 +60952,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -60983,9 +60983,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61038,7 +61038,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61069,9 +61069,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61124,7 +61124,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61155,9 +61155,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61210,7 +61210,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61241,9 +61241,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61296,7 +61296,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61327,9 +61327,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 501, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61382,7 +61382,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61413,9 +61413,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\u003cbr/\u003e\" + e);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.
\" + e);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61468,7 +61468,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61499,9 +61499,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61554,7 +61554,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61585,9 +61585,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61640,7 +61640,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61671,9 +61671,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61726,7 +61726,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61757,9 +61757,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61812,7 +61812,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61843,9 +61843,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61898,7 +61898,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -61929,9 +61929,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -61984,7 +61984,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62015,9 +62015,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62070,7 +62070,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62101,9 +62101,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62156,7 +62156,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62187,9 +62187,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62242,7 +62242,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62273,9 +62273,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62328,7 +62328,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62359,9 +62359,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62414,7 +62414,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62445,9 +62445,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62500,7 +62500,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62531,9 +62531,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62586,7 +62586,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62617,9 +62617,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62672,7 +62672,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62703,9 +62703,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62758,7 +62758,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62789,9 +62789,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62844,7 +62844,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62875,9 +62875,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -62930,7 +62930,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -62961,9 +62961,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63016,7 +63016,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63047,9 +63047,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 315, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63102,7 +63102,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63133,9 +63133,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63188,7 +63188,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63219,9 +63219,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63274,7 +63274,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63305,9 +63305,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63360,7 +63360,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63391,9 +63391,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63446,7 +63446,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63477,9 +63477,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63532,7 +63532,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63563,9 +63563,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63618,7 +63618,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63649,9 +63649,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63704,7 +63704,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63735,9 +63735,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 384, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63790,7 +63790,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63821,9 +63821,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\u003c/TD\u003e\u003cTD\u003e\" + rs.getString(\"PRICE\") + \"\u003c/TD\u003e\u003c/TR\u003e\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\u003cTR\u003e\u003cTD\u003e\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63876,7 +63876,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63907,9 +63907,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -63962,7 +63962,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -63993,9 +63993,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64048,7 +64048,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64079,9 +64079,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64134,7 +64134,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64165,9 +64165,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64220,7 +64220,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64251,9 +64251,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64306,7 +64306,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64337,9 +64337,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\" + type + \"\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64392,7 +64392,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64423,9 +64423,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64478,7 +64478,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64509,9 +64509,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64564,7 +64564,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64595,9 +64595,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64650,7 +64650,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64681,9 +64681,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64736,7 +64736,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64767,9 +64767,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64822,7 +64822,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64853,9 +64853,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64908,7 +64908,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -64939,9 +64939,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 362, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\u003ctd align=\\\"right\\\"\u003e\" + nf.format(pricetopay) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -64994,7 +64994,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65025,9 +65025,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65080,7 +65080,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65111,9 +65111,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65166,7 +65166,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65197,9 +65197,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65252,7 +65252,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65283,9 +65283,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65338,7 +65338,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65369,9 +65369,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65424,7 +65424,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65455,9 +65455,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65510,7 +65510,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65541,9 +65541,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65596,7 +65596,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65627,9 +65627,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65682,7 +65682,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65713,9 +65713,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65768,7 +65768,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65799,9 +65799,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 601, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** \u003ca href=\"javascript:window.location=window.location.href\"\u003eNew Search\u003c/a\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65854,7 +65854,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65885,9 +65885,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -65940,7 +65940,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -65971,9 +65971,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" + product + \"\u003c/a\u003e\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66026,7 +66026,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66057,9 +66057,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66112,7 +66112,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66143,9 +66143,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 829, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66198,7 +66198,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66229,9 +66229,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\u003cscript\u003ealert(\\\"xss\\\")\u003c/script\u003e\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** \u003cb\u003eYou searched for:\u003c/b\u003e \u003c%= query %\u003e\u003cbr/\u003e\u003cbr/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>

\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66284,7 +66284,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66315,9 +66315,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66370,7 +66370,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66401,9 +66401,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66456,7 +66456,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66487,9 +66487,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 321, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66542,7 +66542,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66573,9 +66573,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66628,7 +66628,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66659,9 +66659,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"name\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"comment\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66714,7 +66714,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66745,9 +66745,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"type\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getInt(\"currentbasketid\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getInt(\"userid\") + \"\u003c/td\u003e\u003ctd\u003e\" + rs.getString(\"name\") +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66800,7 +66800,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66831,9 +66831,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66886,7 +66886,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -66917,9 +66917,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -66972,7 +66972,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67003,9 +67003,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67058,7 +67058,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67089,9 +67089,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67144,7 +67144,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67175,9 +67175,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \u003ca href=\\\"password.jsp\\\"\u003e\" + username + \"\u003c/a\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67230,7 +67230,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67261,9 +67261,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67316,7 +67316,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67347,9 +67347,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \u003c?xml version=\"1.0\" encoding=\"ISO-8859-1\"?\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67402,7 +67402,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67433,9 +67433,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 321, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67488,7 +67488,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67519,9 +67519,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67574,7 +67574,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67605,9 +67605,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67660,7 +67660,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67691,9 +67691,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\u003ctd\u003e\" + rs.getString(\"description\") + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67746,7 +67746,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67777,9 +67777,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67832,7 +67832,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67863,9 +67863,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -67918,7 +67918,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -67949,9 +67949,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68004,7 +68004,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68035,9 +68035,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68090,7 +68090,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68121,9 +68121,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68176,7 +68176,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68207,9 +68207,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68262,7 +68262,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68293,9 +68293,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 784, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68348,7 +68348,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68379,9 +68379,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68434,7 +68434,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68465,9 +68465,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 567, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68520,7 +68520,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68551,9 +68551,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68606,7 +68606,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68637,9 +68637,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68692,7 +68692,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68723,9 +68723,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68778,7 +68778,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68809,9 +68809,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 384, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68864,7 +68864,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68895,9 +68895,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -68950,7 +68950,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -68981,9 +68981,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 547, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69036,7 +69036,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69067,9 +69067,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69122,7 +69122,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69153,9 +69153,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69208,7 +69208,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69239,9 +69239,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69294,7 +69294,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69325,9 +69325,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69380,7 +69380,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69411,9 +69411,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69466,7 +69466,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69497,9 +69497,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69552,7 +69552,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69583,9 +69583,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69638,7 +69638,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69669,9 +69669,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69724,7 +69724,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69755,9 +69755,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \u003cinput type=\"hidden\" id=\"user\" name=\"\u003c%=username%\u003e\" value=\"\"/\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \" value=\"\"/>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69810,7 +69810,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69841,9 +69841,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 10706, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69896,7 +69896,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -69927,9 +69927,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 614, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -69982,7 +69982,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70013,9 +70013,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70068,7 +70068,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70099,9 +70099,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 362, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\u003c/td\u003e\u003c/td\u003e\u003ctd align=\\\"right\\\"\u003e\" + nf.format(price) + \"\u003c/td\u003e\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70154,7 +70154,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70185,9 +70185,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70240,7 +70240,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70271,9 +70271,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70326,7 +70326,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70357,9 +70357,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 244, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70412,7 +70412,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70443,9 +70443,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\u003cscript\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 363\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\u003c/script\u003e\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\u003ctr\u003e\u003ctd\u003e\" + comments + \"\u003c/td\u003e\u003c/tr\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 379\n**Source Object:** replace\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 20\n**Column:** 352\n**Source Object:** comments\n**Number:** 20\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 363\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 379\n**Source Object:** replace\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 22\n**Column:** 352\n**Source Object:** comments\n**Number:** 22\n**Code:** comments = comments.replace(\"\\\"\", \"\");\n-----\n**Line Number:** 37\n**Column:** 378\n**Source Object:** comments\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"\" + comments + \"\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70498,7 +70498,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70529,9 +70529,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 259, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70584,7 +70584,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70615,9 +70615,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 209, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70670,7 +70670,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70701,9 +70701,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 352, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70756,7 +70756,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70787,9 +70787,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70842,7 +70842,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70873,9 +70873,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -70928,7 +70928,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -70959,9 +70959,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 494, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -71014,7 +71014,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71045,9 +71045,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 285, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -71100,7 +71100,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71131,9 +71131,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 338, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -71186,7 +71186,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71217,9 +71217,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 404, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -71272,7 +71272,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2020-04-16", + "sla_expiration_date": "2024-03-17", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71303,9 +71303,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 79, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"

\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -71358,7 +71358,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71389,9 +71389,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 330, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", + "description": "**Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -71444,7 +71444,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2020-03-17", + "sla_expiration_date": "2024-02-16", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71475,9 +71475,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 89, - "date": "2019-12-18", + "date": "2023-11-18", "defect_review_requested_by": null, - "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", + "description": "**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -71530,7 +71530,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2020-01-17", + "sla_expiration_date": "2023-12-18", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71561,7 +71561,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": null, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "asdf", "duplicate": false, @@ -71645,7 +71645,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 1035, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\n\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.", "duplicate": false, @@ -71700,7 +71700,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71731,7 +71731,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 1035, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')\n\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.", "duplicate": false, @@ -71786,7 +71786,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -71817,7 +71817,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\ViewAccountInfo.aspx.cs\nLine: 22\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\n", "duplicate": false, @@ -71903,7 +71903,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Web.config\nLine: 25\n", "duplicate": false, @@ -71958,7 +71958,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -71989,7 +71989,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 72\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", "duplicate": false, @@ -72044,7 +72044,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -72075,7 +72075,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\StealCookies.aspx.cs\nLine: 19\nCodeLine: TODO: Mail the cookie in real time.\n", "duplicate": false, @@ -72161,7 +72161,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\CustomerRepository.cs\nLine: 41\nCodeLine: TODO: Add try/catch logic\n", "duplicate": false, @@ -72247,7 +72247,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\ShipperRepository.cs\nLine: 37\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\n", "duplicate": false, @@ -72333,7 +72333,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Medium\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\nFileName: C:\\Projects\\WebGoat.Net\\XtremelyEvilWebApp\\Web.config\nLine: 6\n", "duplicate": false, @@ -72388,7 +72388,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -72419,7 +72419,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 58\nCodeLine: TODO: Put this in try/catch as well\n", "duplicate": false, @@ -72505,7 +72505,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 145\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\n", "duplicate": false, @@ -72591,7 +72591,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Order.cs\nLine: 27\nCodeLine: TODO: Shipments and Payments should be singular. Like customer.\n", "duplicate": false, @@ -72677,7 +72677,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Account\\Register.aspx.cs\nLine: 35\nCodeLine: Response.Redirect(continueUrl);\n", "duplicate": false, @@ -72732,7 +72732,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -72763,7 +72763,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogResponseRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", "duplicate": false, @@ -72849,7 +72849,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Infrastructure\\BlogEntryRepository.cs\nLine: 18\nCodeLine: TODO: should put this in a try/catch\n", "duplicate": false, @@ -72935,7 +72935,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Standard\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\PackageTracking.aspx.cs\nLine: 25\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\n", "duplicate": false, @@ -72990,7 +72990,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -73021,7 +73021,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 16\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\n", "duplicate": false, @@ -73107,7 +73107,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\Core\\Cart.cs\nLine: 41\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\n", "duplicate": false, @@ -73193,7 +73193,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Product.aspx.cs\nLine: 59\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\n", "duplicate": false, @@ -73279,7 +73279,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Severity: Suspicious Comment\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\nFileName: C:\\Projects\\WebGoat.Net\\WebSite\\Checkout\\Checkout.aspx.cs\nLine: 102\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\n", "duplicate": false, @@ -73365,7 +73365,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", "duplicate": false, @@ -73420,7 +73420,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -73451,7 +73451,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", "duplicate": false, @@ -73537,9 +73537,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto \u003cscript\u003ealert(1)\u003c/script\u003enwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 \u003cscript\u003ealert(1)\u003c/script\u003ejledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": true, @@ -73564,7 +73564,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", "nb_occurences": null, "numerical_severity": "S1", "out_of_scope": false, @@ -73592,7 +73592,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -73623,7 +73623,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/\n\n\n", "duplicate": false, @@ -73678,7 +73678,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -73709,7 +73709,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", "duplicate": false, @@ -73764,7 +73764,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -73795,7 +73795,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", "duplicate": false, @@ -73881,7 +73881,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", "duplicate": false, @@ -73967,7 +73967,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", "duplicate": false, @@ -74022,7 +74022,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -74053,7 +74053,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", "duplicate": false, @@ -74080,7 +74080,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\u003c!doctype html\u003e\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", "nb_occurences": null, "numerical_severity": "S4", "out_of_scope": false, @@ -74139,7 +74139,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", "duplicate": false, @@ -74194,7 +74194,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -74225,7 +74225,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 59\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(notFound)\n", "duplicate": false, @@ -74280,7 +74280,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74311,7 +74311,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 58\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", "duplicate": false, @@ -74366,7 +74366,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74397,7 +74397,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 165\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -74452,7 +74452,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74483,7 +74483,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 82\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -74538,7 +74538,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74569,7 +74569,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\nLine number: 36-39\nIssue Confidence: HIGH\n\nCode:\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \n\t\t\t\t\t\t\t\tFROM Profile as p,Users as u \n\t\t\t\t\t\t\t\twhere p.user_id = u.id \n\t\t\t\t\t\t\t\tand u.id=%s`,uid)\n", "duplicate": false, @@ -74588,7 +74588,7 @@ "is_mitigated": false, "kev_date": null, "known_exploited": false, - "last_reviewed": "2021-12-06T07:07:19Z", + "last_reviewed": "2025-11-06T23:46:52Z", "last_reviewed_by": [ "admin" ], @@ -74624,7 +74624,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74655,7 +74655,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -74710,7 +74710,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74741,7 +74741,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 124\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -74796,7 +74796,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74827,7 +74827,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 63\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -74882,7 +74882,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74913,7 +74913,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 164\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -74968,7 +74968,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -74999,7 +74999,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 160\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -75054,7 +75054,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75085,7 +75085,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 35\nIssue Confidence: HIGH\n\nCode:\nw.Write(b)\n", "duplicate": false, @@ -75140,7 +75140,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75171,7 +75171,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 70\nIssue Confidence: HIGH\n\nCode:\nsqlmapDetected, _ := regexp.MatchString(\"sqlmap*\", userAgent)\n", "duplicate": false, @@ -75226,7 +75226,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75257,7 +75257,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\nLine number: 73\nIssue Confidence: HIGH\n\nCode:\nw.Write([]byte(\"Forbidden\"))\n", "duplicate": false, @@ -75312,7 +75312,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75343,7 +75343,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/app.go\nLine number: 79\nIssue Confidence: HIGH\n\nCode:\ns.ListenAndServe()\n", "duplicate": false, @@ -75398,7 +75398,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75429,7 +75429,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 62\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(value)\n", "duplicate": false, @@ -75484,7 +75484,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75515,7 +75515,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 63\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(vuln)\n", "duplicate": false, @@ -75570,7 +75570,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75601,9 +75601,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(\u0026version)\n", + "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": false, @@ -75656,7 +75656,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75687,7 +75687,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 64\nIssue Confidence: HIGH\n\nCode:\ndb,_ := database.Connect()\n", "duplicate": false, @@ -75742,7 +75742,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75773,7 +75773,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 62\nIssue Confidence: HIGH\n\nCode:\nmd5.New()\n", "duplicate": false, @@ -75828,7 +75828,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75859,7 +75859,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\nLine number: 7\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -75914,7 +75914,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -75945,7 +75945,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 8\nIssue Confidence: HIGH\n\nCode:\n\"crypto/md5\"\n", "duplicate": false, @@ -76000,7 +76000,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -76031,7 +76031,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/cookie.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\ncookie, _ := r.Cookie(name)\n", "duplicate": false, @@ -76086,7 +76086,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -76117,7 +76117,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 42\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -76172,7 +76172,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -76203,7 +76203,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\nLine number: 100\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(inlineJS)\n", "duplicate": false, @@ -76258,7 +76258,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -76289,7 +76289,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\nLine number: 61\nIssue Confidence: HIGH\n\nCode:\np.GetData(sid)\n", "duplicate": false, @@ -76344,7 +76344,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -76375,7 +76375,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/user/user.go\nLine number: 161\nIssue Confidence: HIGH\n\nCode:\nhasher.Write([]byte(text))\n", "duplicate": false, @@ -76430,7 +76430,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -76461,7 +76461,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 41\nIssue Confidence: HIGH\n\nCode:\ntemplate.ExecuteTemplate(w, name, data)\n", "duplicate": false, @@ -76516,7 +76516,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -76547,7 +76547,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "Filename: /vagrant/go/src/govwa/util/template.go\nLine number: 45\nIssue Confidence: LOW\n\nCode:\ntemplate.HTML(text)\n", "duplicate": false, @@ -76602,7 +76602,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": true, @@ -76633,7 +76633,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields with autocomplete enabled:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field with autocomplete enabled:\n * password\n\n\n\n", "duplicate": false, @@ -76688,7 +76688,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -76719,7 +76719,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/logout.jsp\n\n\nURL: http://localhost:8888/\n\n\nURL: http://localhost:8888/bodgeit/search.jsp\n\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\n\nURL: http://localhost:8888/bodgeit/\n\n\n", "duplicate": false, @@ -76805,9 +76805,9 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, - "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto \u003cscript\u003ealert(1)\u003c/script\u003enwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 \u003cscript\u003ealert(1)\u003c/script\u003ejledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", + "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n", "duplicate": false, "duplicate_finding": null, "dynamic_finding": true, @@ -76832,7 +76832,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", + "mitigation": "\n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n", "nb_occurences": null, "numerical_severity": "S1", "out_of_scope": false, @@ -76860,7 +76860,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -76891,7 +76891,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/\n\n\n", "duplicate": false, @@ -76946,7 +76946,7 @@ "service": null, "severity": "Low", "severity_justification": null, - "sla_expiration_date": "2022-04-03", + "sla_expiration_date": "2026-03-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -76977,7 +76977,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\n\n", "duplicate": false, @@ -77032,7 +77032,7 @@ "service": null, "severity": "Medium", "severity_justification": null, - "sla_expiration_date": "2022-03-04", + "sla_expiration_date": "2026-02-02", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -77063,7 +77063,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/score.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe following email address was disclosed in the response:\n\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe following email addresses were disclosed in the response:\n\n * admin@thebodgeitstore.com\n * test@test.com\n * test@thebodgeitstore.com\n * user1@thebodgeitstore.com\n\n\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe following email address was disclosed in the response:\n\n * test@test.com\n\n\n\n", "duplicate": false, @@ -77149,7 +77149,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/login.jsp\n\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\n\n", "duplicate": false, @@ -77235,7 +77235,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/register.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \n \nThe database appears to be Microsoft SQL Server.\n\n", "duplicate": false, @@ -77290,7 +77290,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -77321,7 +77321,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/search.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/logout.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/score.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/product.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/password.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/home.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/contact.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/admin.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/advanced.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/basket.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/about.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\nURL: http://localhost:8888/bodgeit/\n\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \n \nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\n\n", "duplicate": false, @@ -77348,7 +77348,7 @@ "line": null, "mitigated": null, "mitigated_by": null, - "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\u003c!doctype html\u003e\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", + "mitigation": "\n\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \n\n * Setting the HTTP response header \"X-Frame-Options: deny\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\n * Setting a modern doctype (e.g. \"\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\n * Setting the HTTP response header \"X-Content-Type-Options: no sniff\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\n\n\n", "nb_occurences": null, "numerical_severity": "S4", "out_of_scope": false, @@ -77407,7 +77407,7 @@ "cvssv4": null, "cvssv4_score": null, "cwe": 0, - "date": "2021-12-04", + "date": "2025-11-04", "defect_review_requested_by": null, "description": "URL: http://localhost:8888/bodgeit/password.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/password.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/register.jsp\n\nThe form contains the following password fields:\n * password1\n * password2\n\n\n\nURL: http://localhost:8888/bodgeit/login.jsp\n\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\n\n * http://localhost:8888/bodgeit/login.jsp\n\nThe form contains the following password field:\n * password\n\n\n\n", "duplicate": false, @@ -77462,7 +77462,7 @@ "service": null, "severity": "High", "severity_justification": null, - "sla_expiration_date": "2022-01-03", + "sla_expiration_date": "2025-12-04", "sla_start_date": null, "sonarqube_issue": null, "static_finding": false, @@ -77619,7 +77619,7 @@ "async_updating": false, "business_criticality": "high", "created": null, - "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers", + "description": "Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable\u2014where the company enters money received\r\n* Accounts payable\u2014where the company enters its bills and pays money it owes\r\n* General ledger\u2014the company's \"books\"\r\n* Billing\u2014where the company produces invoices to clients/customers", "disable_sla_breach_notifications": false, "enable_full_risk_acceptance": true, "enable_product_tag_inheritance": false, @@ -77673,8 +77673,8 @@ "pgh_label": "insert", "pgh_obj": 3, "scan_type": null, - "target_end": "2021-03-30T00:00:00Z", - "target_start": "2021-03-21T00:00:00Z", + "target_end": "2025-02-28T16:39:33Z", + "target_start": "2025-02-19T16:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -77703,8 +77703,8 @@ "pgh_label": "insert", "pgh_obj": 13, "scan_type": null, - "target_end": "2021-04-22T01:00:00Z", - "target_start": "2021-04-21T01:00:00Z", + "target_end": "2025-03-23T17:39:33Z", + "target_start": "2025-03-22T17:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -77731,8 +77731,8 @@ "pgh_label": "insert", "pgh_obj": 14, "scan_type": null, - "target_end": "2021-03-30T00:00:00Z", - "target_start": "2021-03-21T00:00:00Z", + "target_end": "2025-02-28T16:39:33Z", + "target_start": "2025-02-19T16:39:33Z", "test_type": 1, "title": null, "updated": null, @@ -77761,8 +77761,8 @@ "pgh_label": "insert", "pgh_obj": 15, "scan_type": null, - "target_end": "2021-12-04T00:00:00Z", - "target_start": "2021-12-04T00:00:00Z", + "target_end": "2025-11-04T16:39:33Z", + "target_start": "2025-11-04T16:39:33Z", "test_type": 12, "title": null, "updated": "2021-12-05T12:52:37.052385054Z", @@ -77791,8 +77791,8 @@ "pgh_label": "insert", "pgh_obj": 16, "scan_type": null, - "target_end": "2021-12-04T00:00:00Z", - "target_start": "2021-12-04T00:00:00Z", + "target_end": "2025-11-04T16:39:33Z", + "target_start": "2025-11-04T16:39:33Z", "test_type": 12, "title": null, "updated": "2021-12-05T12:54:31.628385054Z", @@ -77821,8 +77821,8 @@ "pgh_label": "insert", "pgh_obj": 18, "scan_type": null, - "target_end": "2022-02-24T00:00:00Z", - "target_start": "2022-02-19T00:00:00Z", + "target_end": "2026-01-25T16:39:33Z", + "target_start": "2026-01-20T16:39:33Z", "test_type": 21, "title": null, "updated": "2021-12-05T13:17:40.492385054Z", @@ -77879,8 +77879,8 @@ "pgh_label": "insert", "pgh_obj": 20, "scan_type": null, - "target_end": "2022-01-27T00:00:00Z", - "target_start": "2022-01-20T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 1, "title": null, "updated": "2021-12-05T13:34:15.590385054Z", @@ -77909,8 +77909,8 @@ "pgh_label": "insert", "pgh_obj": 21, "scan_type": null, - "target_end": "2022-01-27T00:00:00Z", - "target_start": "2022-01-20T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 19, "title": null, "updated": "2021-12-05T13:34:29.899385054Z", @@ -77939,8 +77939,8 @@ "pgh_label": "insert", "pgh_obj": 22, "scan_type": null, - "target_end": "2022-01-27T00:00:00Z", - "target_start": "2022-01-20T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 17, "title": null, "updated": "2021-12-05T13:34:48.200385054Z", @@ -77969,8 +77969,8 @@ "pgh_label": "insert", "pgh_obj": 23, "scan_type": null, - "target_end": "2022-01-27T00:00:00Z", - "target_start": "2022-01-20T00:00:00Z", + "target_end": "2025-12-28T16:39:33Z", + "target_start": "2025-12-21T16:39:33Z", "test_type": 11, "title": null, "updated": "2021-12-05T13:35:08.304385054Z", @@ -77999,8 +77999,8 @@ "pgh_label": "insert", "pgh_obj": 25, "scan_type": null, - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 17, "title": null, "updated": "2021-12-06T10:35:42.303385054Z", @@ -78029,8 +78029,8 @@ "pgh_label": "insert", "pgh_obj": 26, "scan_type": null, - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 28, "title": null, "updated": "2021-12-06T10:37:12.939385054Z", @@ -78059,8 +78059,8 @@ "pgh_label": "insert", "pgh_obj": 28, "scan_type": null, - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 9, "title": null, "updated": "2021-12-06T10:38:24.006385054Z", @@ -78089,8 +78089,8 @@ "pgh_label": "insert", "pgh_obj": 29, "scan_type": null, - "target_end": "2021-12-12T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-12T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 29, "title": null, "updated": "2021-12-06T10:45:30.478385054Z", @@ -78119,8 +78119,8 @@ "pgh_label": "insert", "pgh_obj": 30, "scan_type": null, - "target_end": "2021-12-12T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-12T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 3, "title": null, "updated": "2021-12-06T10:45:41.988385054Z", @@ -78149,8 +78149,8 @@ "pgh_label": "insert", "pgh_obj": 31, "scan_type": null, - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 30, "title": null, "updated": "2021-12-06T10:58:24.523385054Z", @@ -78179,8 +78179,8 @@ "pgh_label": "insert", "pgh_obj": 32, "scan_type": null, - "target_end": "2021-12-05T00:00:00Z", - "target_start": "2021-12-05T00:00:00Z", + "target_end": "2025-11-05T16:39:33Z", + "target_start": "2025-11-05T16:39:33Z", "test_type": 9, "title": null, "updated": "2021-12-06T14:34:11.974385054Z", @@ -79676,7 +79676,7 @@ }, { "fields": { - "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -79694,7 +79694,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -79712,7 +79712,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -79730,7 +79730,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -79748,7 +79748,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -79766,7 +79766,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -79784,7 +79784,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -79802,7 +79802,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -79820,7 +79820,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -79838,7 +79838,7 @@ }, { "fields": { - "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", "content_type": [ "dojo", "test_import" @@ -79856,7 +79856,7 @@ }, { "fields": { - "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -79874,7 +79874,7 @@ }, { "fields": { - "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -79892,7 +79892,7 @@ }, { "fields": { - "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -79910,7 +79910,7 @@ }, { "fields": { - "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", "content_type": [ "dojo", "test_import" @@ -79928,7 +79928,7 @@ }, { "fields": { - "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -79946,7 +79946,7 @@ }, { "fields": { - "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -79964,7 +79964,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -79982,7 +79982,7 @@ }, { "fields": { - "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -80000,7 +80000,7 @@ }, { "fields": { - "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -80018,7 +80018,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -80036,7 +80036,7 @@ }, { "fields": { - "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -80054,7 +80054,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -80072,7 +80072,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -80090,7 +80090,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -80108,7 +80108,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -80126,7 +80126,7 @@ }, { "fields": { - "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -80144,7 +80144,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -80162,7 +80162,7 @@ }, { "fields": { - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -80180,7 +80180,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -80198,7 +80198,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -80216,7 +80216,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -80234,7 +80234,7 @@ }, { "fields": { - "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -80252,7 +80252,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -80270,7 +80270,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", "content_type": [ "dojo", "test_import" @@ -80288,7 +80288,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -80306,7 +80306,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -80324,7 +80324,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -80342,7 +80342,7 @@ }, { "fields": { - "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -80360,7 +80360,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -80378,7 +80378,7 @@ }, { "fields": { - "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -80396,7 +80396,7 @@ }, { "fields": { - "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -80414,7 +80414,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -80432,7 +80432,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -80450,7 +80450,7 @@ }, { "fields": { - "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -80468,7 +80468,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -80486,7 +80486,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -80504,7 +80504,7 @@ }, { "fields": { - "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -80522,7 +80522,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -80540,7 +80540,7 @@ }, { "fields": { - "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -80558,7 +80558,7 @@ }, { "fields": { - "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -80576,7 +80576,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", "content_type": [ "dojo", "test_import" @@ -80594,7 +80594,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -80612,7 +80612,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -80630,7 +80630,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -80648,7 +80648,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -80666,7 +80666,7 @@ }, { "fields": { - "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -80684,7 +80684,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -80702,7 +80702,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -80720,7 +80720,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -80738,7 +80738,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -80756,7 +80756,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -80774,7 +80774,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -80792,7 +80792,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -80810,7 +80810,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -80828,7 +80828,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", "content_type": [ "dojo", "test_import" @@ -80846,7 +80846,7 @@ }, { "fields": { - "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -80864,7 +80864,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -80882,7 +80882,7 @@ }, { "fields": { - "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -80900,7 +80900,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -80918,7 +80918,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -80936,7 +80936,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -80954,7 +80954,7 @@ }, { "fields": { - "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -80972,7 +80972,7 @@ }, { "fields": { - "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -80990,7 +80990,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -81008,7 +81008,7 @@ }, { "fields": { - "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -81026,7 +81026,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -81044,7 +81044,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -81062,7 +81062,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: \u003c%= query %\u003e\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -81080,7 +81080,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -81098,7 +81098,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -81116,7 +81116,7 @@ }, { "fields": { - "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -81134,7 +81134,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -81152,7 +81152,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -81170,7 +81170,7 @@ }, { "fields": { - "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -81188,7 +81188,7 @@ }, { "fields": { - "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -81206,7 +81206,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -81224,7 +81224,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -81242,7 +81242,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -81260,7 +81260,7 @@ }, { "fields": { - "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -81278,7 +81278,7 @@ }, { "fields": { - "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -81296,7 +81296,7 @@ }, { "fields": { - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -81314,7 +81314,7 @@ }, { "fields": { - "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", "content_type": [ "dojo", "test_import" @@ -81332,7 +81332,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -81350,7 +81350,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -81368,7 +81368,7 @@ }, { "fields": { - "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -81386,7 +81386,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -81404,7 +81404,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -81422,7 +81422,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -81440,7 +81440,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -81458,7 +81458,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -81476,7 +81476,7 @@ }, { "fields": { - "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -81494,7 +81494,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -81512,7 +81512,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -81530,7 +81530,7 @@ }, { "fields": { - "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -81548,7 +81548,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -81566,7 +81566,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -81584,7 +81584,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -81602,7 +81602,7 @@ }, { "fields": { - "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", "content_type": [ "dojo", "test_import" @@ -81620,7 +81620,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -81638,7 +81638,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -81656,7 +81656,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -81674,7 +81674,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -81692,7 +81692,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -81710,7 +81710,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -81728,7 +81728,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -81746,7 +81746,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -81764,7 +81764,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -81782,7 +81782,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -81800,7 +81800,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -81818,7 +81818,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -81836,7 +81836,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -81854,7 +81854,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -81872,7 +81872,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -81890,7 +81890,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -81908,7 +81908,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -81926,7 +81926,7 @@ }, { "fields": { - "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -81944,7 +81944,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -81962,7 +81962,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -81980,7 +81980,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -81998,7 +81998,7 @@ }, { "fields": { - "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -82016,7 +82016,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -82034,7 +82034,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -82070,7 +82070,7 @@ }, { "fields": { - "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", + "content": "SQL Injection (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None None None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -82088,7 +82088,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", + "content": "Download of Code Without Integrity Check (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None None None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -82106,7 +82106,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None None None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -82124,7 +82124,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None None None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -82142,7 +82142,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", + "content": "Improper Resource Shutdown or Release (home.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -82160,7 +82160,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", + "content": "Reflected XSS All Clients (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None None None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -82178,7 +82178,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", + "content": "HttpOnlyCookies (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -82196,7 +82196,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", + "content": "CGI Reflected XSS All Clients (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -82214,7 +82214,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", + "content": "Hardcoded password in Connection String (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -82232,7 +82232,7 @@ }, { "fields": { - "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", + "content": "Client Insecure Randomness (encryption.js) N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None None None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js", "content_type": [ "dojo", "test_import" @@ -82250,7 +82250,7 @@ }, { "fields": { - "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", + "content": "SQL Injection (password.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None None None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -82268,7 +82268,7 @@ }, { "fields": { - "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", + "content": "Stored XSS (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None None None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -82286,7 +82286,7 @@ }, { "fields": { - "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", + "content": "CGI Stored XSS (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -82304,7 +82304,7 @@ }, { "fields": { - "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", + "content": "Not Using a Random IV with CBC Mode (AES.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None None None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java", "content_type": [ "dojo", "test_import" @@ -82322,7 +82322,7 @@ }, { "fields": { - "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Collapse of Data into Unsafe Value (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -82340,7 +82340,7 @@ }, { "fields": { - "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", + "content": "Stored Boundary Violation (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None None None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -82358,7 +82358,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", + "content": "Hardcoded password in Connection String (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -82376,7 +82376,7 @@ }, { "fields": { - "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", + "content": "Blind SQL Injections (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -82394,7 +82394,7 @@ }, { "fields": { - "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", + "content": "Heap Inspection (password.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -82412,7 +82412,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", + "content": "Use of Cryptographically Weak PRNG (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -82430,7 +82430,7 @@ }, { "fields": { - "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", + "content": "Trust Boundary Violation (login.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None None None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -82448,7 +82448,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", + "content": "Information Exposure Through an Error Message (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None None None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -82466,7 +82466,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", + "content": "Reliance on Cookies in a Decision (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None None None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -82484,7 +82484,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", + "content": "Empty Password In Connection String (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -82502,7 +82502,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", + "content": "Improper Resource Access Authorization (password.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None None None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -82520,7 +82520,7 @@ }, { "fields": { - "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -82538,7 +82538,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", + "content": "Hardcoded password in Connection String (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -82556,7 +82556,7 @@ }, { "fields": { - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None None None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -82574,7 +82574,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -82592,7 +82592,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -82610,7 +82610,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", + "content": "CGI Reflected XSS All Clients (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None None None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -82628,7 +82628,7 @@ }, { "fields": { - "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003ctd\u003e\u003c%=username%\u003e\u003c/td\u003e\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", + "content": "Suspected XSS (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None None None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -82646,7 +82646,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", + "content": "Hardcoded password in Connection String (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -82664,7 +82664,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", + "content": "Hardcoded password in Connection String (dbconnection.jspf) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf", "content_type": [ "dojo", "test_import" @@ -82682,7 +82682,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", + "content": "Empty Password In Connection String (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None None None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -82700,7 +82700,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", + "content": "Download of Code Without Integrity Check (home.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -82718,7 +82718,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", + "content": "Information Exposure Through an Error Message (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -82736,7 +82736,7 @@ }, { "fields": { - "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", + "content": "SQL Injection (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None None None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -82754,7 +82754,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", + "content": "Empty Password In Connection String (advanced.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None None None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -82772,7 +82772,7 @@ }, { "fields": { - "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", + "content": "CGI Stored XSS (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None None None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -82790,7 +82790,7 @@ }, { "fields": { - "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", + "content": "Plaintext Storage in a Cookie (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -82808,7 +82808,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", + "content": "Information Exposure Through an Error Message (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -82826,7 +82826,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", + "content": "Hardcoded password in Connection String (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -82844,7 +82844,7 @@ }, { "fields": { - "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", + "content": "Stored XSS (admin.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None None None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -82862,7 +82862,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", + "content": "Download of Code Without Integrity Check (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -82880,7 +82880,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", + "content": "Empty Password In Connection String (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -82898,7 +82898,7 @@ }, { "fields": { - "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", + "content": "Heap Inspection (login.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None None None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -82916,7 +82916,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", + "content": "Download of Code Without Integrity Check (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -82934,7 +82934,7 @@ }, { "fields": { - "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Session Fixation (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None None None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -82952,7 +82952,7 @@ }, { "fields": { - "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", + "content": "Stored XSS (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None None None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -82970,7 +82970,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", + "content": "Empty Password In Connection String (dbconnection.jspf) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf", "content_type": [ "dojo", "test_import" @@ -82988,7 +82988,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", + "content": "Hardcoded password in Connection String (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -83006,7 +83006,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Reflected XSS All Clients (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -83024,7 +83024,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", + "content": "HttpOnlyCookies (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83042,7 +83042,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", + "content": "Download of Code Without Integrity Check (register.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None None None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -83060,7 +83060,7 @@ }, { "fields": { - "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", + "content": "Stored XSS (home.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -83078,7 +83078,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", + "content": "Empty Password In Connection String (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -83096,7 +83096,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", + "content": "Reflected XSS All Clients (register.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -83114,7 +83114,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", + "content": "Improper Resource Access Authorization (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -83132,7 +83132,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", + "content": "Download of Code Without Integrity Check (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -83150,7 +83150,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", + "content": "Download of Code Without Integrity Check (score.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None None None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -83168,7 +83168,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", + "content": "Improper Resource Access Authorization (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None None None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83186,7 +83186,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", + "content": "Race Condition Format Flaw (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None None None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83204,7 +83204,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", + "content": "Empty Password In Connection String (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None None None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -83222,7 +83222,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None None None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java", "content_type": [ "dojo", "test_import" @@ -83240,7 +83240,7 @@ }, { "fields": { - "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", + "content": "Suspected XSS (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None None None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -83258,7 +83258,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", + "content": "Use of Cryptographically Weak PRNG (init.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -83276,7 +83276,7 @@ }, { "fields": { - "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", + "content": "CGI Stored XSS (product.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None None None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -83294,7 +83294,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", + "content": "Improper Resource Shutdown or Release (init.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -83312,7 +83312,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", + "content": "Download of Code Without Integrity Check (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None None None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -83330,7 +83330,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83348,7 +83348,7 @@ }, { "fields": { - "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", + "content": "Blind SQL Injections (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -83366,7 +83366,7 @@ }, { "fields": { - "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", + "content": "Client DOM Open Redirect (advanced.jsp) N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None None None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -83384,7 +83384,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", + "content": "Hardcoded password in Connection String (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -83402,7 +83402,7 @@ }, { "fields": { - "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", + "content": "CGI Stored XSS (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None None None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83420,7 +83420,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", + "content": "Use of Insufficiently Random Values (init.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -83438,7 +83438,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", + "content": "Missing X Frame Options (web.xml) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None None None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -83456,7 +83456,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: \u003c%= query %\u003e\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", + "content": "Reflected XSS All Clients (search.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None None None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -83474,7 +83474,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None None None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83492,7 +83492,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", + "content": "Information Exposure Through an Error Message (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -83510,7 +83510,7 @@ }, { "fields": { - "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Use of Hard coded Cryptographic Key (AdvancedSearch.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None None None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -83528,7 +83528,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", + "content": "Reliance on Cookies in a Decision (register.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -83546,7 +83546,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -83564,7 +83564,7 @@ }, { "fields": { - "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", + "content": "CGI Stored XSS (admin.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None None None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -83582,7 +83582,7 @@ }, { "fields": { - "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", + "content": "Heap Inspection (register.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None None None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -83600,7 +83600,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", + "content": "Improper Resource Shutdown or Release (search.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -83618,7 +83618,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", + "content": "Information Exposure Through an Error Message (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -83636,7 +83636,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", + "content": "Improper Resource Access Authorization (init.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -83654,7 +83654,7 @@ }, { "fields": { - "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", + "content": "CGI Stored XSS (header.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None None None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -83672,7 +83672,7 @@ }, { "fields": { - "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", + "content": "Blind SQL Injections (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83690,7 +83690,7 @@ }, { "fields": { - "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", + "content": "HttpOnlyCookies In Config (web.xml) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None None None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml", "content_type": [ "dojo", "test_import" @@ -83708,7 +83708,7 @@ }, { "fields": { - "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", + "content": "Use of Hard coded Cryptographic Key (AES.java) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None None None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java", "content_type": [ "dojo", "test_import" @@ -83726,7 +83726,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", + "content": "Improper Resource Shutdown or Release (score.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -83744,7 +83744,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", + "content": "CGI Reflected XSS All Clients (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None None None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83762,7 +83762,7 @@ }, { "fields": { - "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", + "content": "Stored XSS (score.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None None None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -83780,7 +83780,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", + "content": "Information Exposure Through an Error Message (basket.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83798,7 +83798,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", + "content": "Improper Resource Access Authorization (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None None None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -83816,7 +83816,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", + "content": "Improper Resource Access Authorization (home.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -83834,7 +83834,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", + "content": "Improper Resource Shutdown or Release (admin.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -83852,7 +83852,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", + "content": "Information Exposure Through an Error Message (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -83870,7 +83870,7 @@ }, { "fields": { - "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", + "content": "Blind SQL Injections (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -83888,7 +83888,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", + "content": "Reliance on Cookies in a Decision (login.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None None None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -83906,7 +83906,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", + "content": "Download of Code Without Integrity Check (search.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None None None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -83924,7 +83924,7 @@ }, { "fields": { - "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", + "content": "Unsynchronized Access To Shared Data (AdvancedSearch.java) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None None None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java", "content_type": [ "dojo", "test_import" @@ -83942,7 +83942,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", + "content": "Empty Password In Connection String (search.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None None None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp", "content_type": [ "dojo", "test_import" @@ -83960,7 +83960,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -83978,7 +83978,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", + "content": "Improper Resource Access Authorization (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -83996,7 +83996,7 @@ }, { "fields": { - "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", + "content": "Session Fixation (logout.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None None None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp", "content_type": [ "dojo", "test_import" @@ -84014,7 +84014,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", + "content": "Hardcoded password in Connection String (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None None None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -84032,7 +84032,7 @@ }, { "fields": { - "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", + "content": "Hardcoded password in Connection String (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -84050,7 +84050,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", + "content": "Improper Resource Access Authorization (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None None None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -84068,7 +84068,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", + "content": "Improper Resource Access Authorization (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None None None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -84086,7 +84086,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", + "content": "Empty Password In Connection String (score.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None None None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp", "content_type": [ "dojo", "test_import" @@ -84104,7 +84104,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", + "content": "Improper Resource Shutdown or Release (password.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None None None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -84122,7 +84122,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", + "content": "Improper Resource Shutdown or Release (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None None None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -84140,7 +84140,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", + "content": "Empty Password In Connection String (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None None None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -84158,7 +84158,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", + "content": "Information Exposure Through an Error Message (login.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -84176,7 +84176,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", + "content": "Use of Insufficiently Random Values (contact.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -84194,7 +84194,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", + "content": "Stored XSS (contact.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None None None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -84212,7 +84212,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", + "content": "HttpOnlyCookies (login.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None None None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -84230,7 +84230,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None None None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -84248,7 +84248,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", + "content": "Information Exposure Through an Error Message (header.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None None None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp", "content_type": [ "dojo", "test_import" @@ -84266,7 +84266,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", + "content": "Race Condition Format Flaw (product.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None None None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -84284,7 +84284,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\u003c/a\u003e\u003ctd\u003e\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\u003ctd\u003e\u003ca href=\\\"product.jsp?prodid=\" + rs.getInt(\"productid\") + \"\\\"\u003e\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", + "content": "Stored XSS (product.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None None None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -84302,7 +84302,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", + "content": "Improper Resource Shutdown or Release (basket.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None None None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -84320,7 +84320,7 @@ }, { "fields": { - "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", + "content": "Heap Inspection (init.jsp) N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None None None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp", "content_type": [ "dojo", "test_import" @@ -84338,7 +84338,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "CGI Reflected XSS All Clients (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "test_import" @@ -84356,7 +84356,7 @@ }, { "fields": { - "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", + "content": "Empty Password In Connection String (contact.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None None None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -84374,7 +84374,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\u003cbr/\u003e\u003cbr/\u003e\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", + "content": "Information Exposure Through an Error Message (product.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"

\");\n-----\n N/A N/A None None S3 None None None None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp", "content_type": [ "dojo", "test_import" @@ -84392,7 +84392,7 @@ }, { "fields": { - "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", + "content": "XSRF (password.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None None None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp", "content_type": [ "dojo", "test_import" @@ -84410,7 +84410,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", + "content": "Download of Code Without Integrity Check (advanced.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None None None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp", "content_type": [ "dojo", "test_import" @@ -84428,7 +84428,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", + "content": "Improper Resource Access Authorization (register.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None None None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp", "content_type": [ "dojo", "test_import" @@ -84446,7 +84446,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None None None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp", + "content": "Download of Code Without Integrity Check (basket.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None None None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -84464,7 +84464,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None None None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp", + "content": "Improper Resource Access Authorization (admin.jsp) N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None None None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp", "content_type": [ "dojo", "test_import" @@ -84482,7 +84482,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None None None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -84500,7 +84500,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp", + "content": "Improper Resource Shutdown or Release (contact.jsp) N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None None None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp", "content_type": [ "dojo", "test_import" @@ -84518,7 +84518,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp", + "content": "Reflected XSS All Clients (login.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None None None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp", "content_type": [ "dojo", "test_import" @@ -84536,7 +84536,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (home.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp", + "content": "Use of Insufficiently Random Values (home.jsp) N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None None None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp", "content_type": [ "dojo", "test_import" @@ -84554,7 +84554,7 @@ }, { "fields": { - "content": "SQL Injection (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None None None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp", + "content": "SQL Injection (basket.jsp) N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None None None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp", "content_type": [ "dojo", "test_import" @@ -84590,7 +84590,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None 262 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None 262 N/A None BodgeIt ", "content_type": [ "dojo", "test_import" @@ -84608,7 +84608,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None 263 N/A None BodgeIt ", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None 263 N/A None BodgeIt ", "content_type": [ "dojo", "test_import" @@ -84734,7 +84734,7 @@ }, { "fields": { - "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers 0 0 0 high web production purchased", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable\u2014where the company enters money received\r\n* Accounts payable\u2014where the company enters its bills and pays money it owes\r\n* General ledger\u2014the company's \"books\"\r\n* Billing\u2014where the company produces invoices to clients/customers 0 0 0 high web production purchased", "content_type": [ "dojo", "tagulous_product_tags" @@ -84842,7 +84842,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None 276 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None 276 N/A None BodgeIt ", "content_type": [ "dojo", "test_import" @@ -84860,7 +84860,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None 277 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None 277 N/A None BodgeIt ", "content_type": [ "dojo", "test_import" @@ -85652,7 +85652,7 @@ }, { "fields": { - "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", "content_type": [ "dojo", "test_import" @@ -86174,7 +86174,7 @@ }, { "fields": { - "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(\u0026version)\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", + "content": "Errors unhandled.-G104 N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None None None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go", "content_type": [ "dojo", "test_import" @@ -86588,7 +86588,7 @@ }, { "fields": { - "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", + "content": "Cross-site scripting (reflected) None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None None None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None", "content_type": [ "dojo", "test_import" @@ -86840,7 +86840,7 @@ }, { "fields": { - "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 302 None None BodgeIt ", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 302 None None BodgeIt ", "content_type": [ "dojo", "finding" @@ -86858,7 +86858,7 @@ }, { "fields": { - "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including \u003c \u003e \" ' and =, should be replaced with the corresponding HTML entities (\u0026lt; \u0026gt; etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 340 None None BodgeIt ", + "content": "Cross-Site Scripting (Reflected) None None None High URL: http://localhost:8888/bodgeit/search.jsp\n\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto alert(1)nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\nURL: http://localhost:8888/bodgeit/register.jsp\n\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 alert(1)jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \n \nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\n\n \n\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\n\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \" ' and =, should be replaced with the corresponding HTML entities (< > etc).\n\n\n\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\n Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\n\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\n\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\n\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \n None None \n\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\n\n\n S1 None None d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c None None None None None None None None None None None 340 None None BodgeIt ", "content_type": [ "dojo", "finding" @@ -86948,7 +86948,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 145 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 145 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -86966,7 +86966,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 13 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=332)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S1 None None 3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828 /root/basket.jsp None None None None None None None None None None 13 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87002,7 +87002,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -87020,7 +87020,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Reflected XSS All Clients (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=330)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -87038,7 +87038,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None None None None 276 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=333)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e /root/login.jsp None None None None None None None None None None 276 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87056,7 +87056,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 65 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 65 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87074,7 +87074,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 197 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=334)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S1 None None 95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1 /root/register.jsp None None None None None None None None None None 197 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87092,7 +87092,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: \u003c%= query %\u003e\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 217 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 217 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87110,7 +87110,7 @@ }, { "fields": { - "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") \u003e= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: \u003c%= query %\u003e\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 85 N/A None BodgeIt ", + "content": "Reflected XSS All Clients (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=331)\n\n**Line Number:** 10\n**Column:** 395\n**Source Object:** \"\"q\"\"\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 394\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** query\n**Number:** 10\n**Code:** String query = (String) request.getParameter(\"q\");\n-----\n**Line Number:** 13\n**Column:** 362\n**Source Object:** query\n**Number:** 13\n**Code:** if (query.replaceAll(\"\\\\s\", \"\").toLowerCase().indexOf(\"alert(\\\"xss\\\")\") >= 0) {\n-----\n**Line Number:** 18\n**Column:** 380\n**Source Object:** query\n**Number:** 18\n**Code:** You searched for: <%= query %>\n-----\n N/A N/A None None S1 None None 86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06 /root/search.jsp None None None None None None None None None None 85 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87128,7 +87128,7 @@ }, { "fields": { - "content": "SQL Injection (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp None None None None None None None None None None 278 N/A None BodgeIt ", + "content": "SQL Injection (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S1 None None a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9 /root/basket.jsp None None None None None None None None None None 278 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87146,7 +87146,7 @@ }, { "fields": { - "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 45 N/A None BodgeIt ", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 45 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87164,7 +87164,7 @@ }, { "fields": { - "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 177 N/A None BodgeIt ", + "content": "SQL Injection (login.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S1 None None 9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce /root/login.jsp None None None None None None None None None None 177 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87182,7 +87182,7 @@ }, { "fields": { - "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 18 N/A None BodgeIt ", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 18 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87200,7 +87200,7 @@ }, { "fields": { - "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 150 N/A None BodgeIt ", + "content": "SQL Injection (password.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S1 None None 684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f /root/password.jsp None None None None None None None None None None 150 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87218,7 +87218,7 @@ }, { "fields": { - "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 8 N/A None BodgeIt ", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 8 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87236,7 +87236,7 @@ }, { "fields": { - "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 140 N/A None BodgeIt ", + "content": "SQL Injection (register.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S1 None None c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0 /root/register.jsp None None None None None None None None None None 140 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87254,7 +87254,7 @@ }, { "fields": { - "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 51 N/A None BodgeIt ", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 51 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87272,7 +87272,7 @@ }, { "fields": { - "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 183 N/A None BodgeIt ", + "content": "Stored XSS (admin.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=375)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=376)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S1 None None 1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05 /root/admin.jsp None None None None None None None None None None 183 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87290,7 +87290,7 @@ }, { "fields": { - "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 151 N/A None BodgeIt ", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 151 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87308,7 +87308,7 @@ }, { "fields": { - "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 19 N/A None BodgeIt ", + "content": "Stored XSS (basket.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=377)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=378)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=379)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=380)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S1 None None 99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7 /root/basket.jsp None None None None None None None None None None 19 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87326,7 +87326,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 258 N/A None BodgeIt ", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 258 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87344,7 +87344,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 126 N/A None BodgeIt ", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=386)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 89\n**Column:** 401\n**Source Object:** getAttribute\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S1 None None 9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d /root/contact.jsp None None None None None None None None None None 126 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87362,7 +87362,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 90 N/A None BodgeIt ", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 90 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87380,7 +87380,7 @@ }, { "fields": { - "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 222 N/A None BodgeIt ", + "content": "Stored XSS (contact.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=381)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=382)\n\n**Line Number:** 63\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 63\n**Column:** 352\n**Source Object:** rs\n**Number:** 63\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 66\n**Column:** 359\n**Source Object:** rs\n**Number:** 66\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 68\n**Column:** 411\n**Source Object:** rs\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 423\n**Source Object:** getString\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n**Line Number:** 68\n**Column:** 364\n**Source Object:** println\n**Number:** 68\n**Code:** out.println(\"\" + rs.getString(\"name\") + \"\" + rs.getString(\"comment\") + \"\");\n-----\n N/A N/A None None S1 None None 2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e /root/contact.jsp None None None None None None None None None None 222 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87398,7 +87398,7 @@ }, { "fields": { - "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 63 N/A None BodgeIt ", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 63 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87416,7 +87416,7 @@ }, { "fields": { - "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 195 N/A None BodgeIt ", + "content": "Stored XSS (home.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=383)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=384)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=385)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02 /root/home.jsp None None None None None None None None None None 195 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87434,7 +87434,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 263 N/A None BodgeIt ", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 263 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87452,7 +87452,7 @@ }, { "fields": { - "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 131 N/A None BodgeIt ", + "content": "Stored XSS (product.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=387)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=388)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=389)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=390)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=391)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=392)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=393)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=394)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=395)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=396)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=397)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=398)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=399)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=400)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=401)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=402)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=403)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=404)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=405)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=406)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=407)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S1 None None 59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2 /root/product.jsp None None None None None None None None None None 131 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87470,7 +87470,7 @@ }, { "fields": { - "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 234 N/A None BodgeIt ", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 234 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87488,7 +87488,7 @@ }, { "fields": { - "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 102 N/A None BodgeIt ", + "content": "Stored XSS (score.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=408)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=409)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=410)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=411)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=412)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=413)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S1 None None 926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d /root/score.jsp None None None None None None None None None None 102 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87506,7 +87506,7 @@ }, { "fields": { - "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 189 N/A None BodgeIt ", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 189 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87524,7 +87524,7 @@ }, { "fields": { - "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** \u003c%= output %\u003e\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 57 N/A None BodgeIt ", + "content": "Stored XSS (search.jsp) None None N/A High **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=414)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Python\n**Group:** Java High Risk\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=415)\n\n**Line Number:** 34\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 34\n**Column:** 352\n**Source Object:** rs\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 38\n**Column:** 373\n**Source Object:** rs\n**Number:** 38\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 42\n**Column:** 398\n**Source Object:** rs\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 42\n**Column:** 410\n**Source Object:** getString\n**Number:** 42\n**Code:** \"\" + rs.getString(\"PRICE\") + \"\\n\");\n-----\n**Line Number:** 39\n**Column:** 392\n**Source Object:** concat\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 39\n**Column:** 370\n**Source Object:** output\n**Number:** 39\n**Code:** output = output.concat(\"\" + rs.getString(\"PRODUCT\") +\n-----\n**Line Number:** 49\n**Column:** 355\n**Source Object:** output\n**Number:** 49\n**Code:** <%= output %>\n-----\n N/A N/A None None S1 None None 38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c /root/search.jsp None None None None None None None None None None 57 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87866,7 +87866,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 101 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 101 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87884,7 +87884,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 233 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=735)\n\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 141\n**Column:** 386\n**Source Object:** basketId\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n**Line Number:** 141\n**Column:** 363\n**Source Object:** println\n**Number:** 141\n**Code:** out.println(\"DEBUG basketid = \" + basketId + \"\");\n-----\n N/A N/A None None S2 None None d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02 /root/basket.jsp None None None None None None None None None None 233 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87902,7 +87902,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -87920,7 +87920,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "CGI Reflected XSS All Clients (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=734)\n\n**Line Number:** 11\n**Column:** 398\n**Source Object:** \"\"comments\"\"\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 11\n**Column:** 357\n**Source Object:** comments\n**Number:** 11\n**Code:** String comments = (String) request.getParameter(\"comments\");\n-----\n**Line Number:** 19\n**Column:** 363\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -87938,7 +87938,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 170 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 170 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87956,7 +87956,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 38 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=736)\n\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 46\n**Column:** 380\n**Source Object:** basketId\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 46\n**Column:** 354\n**Source Object:** debug\n**Number:** 46\n**Code:** debug += \" basketid = \" + basketId;\n-----\n**Line Number:** 78\n**Column:** 375\n**Source Object:** debug\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 78\n**Column:** 362\n**Source Object:** println\n**Number:** 78\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None 7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800 /root/login.jsp None None None None None None None None None None 38 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87974,7 +87974,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 15 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 15 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -87992,7 +87992,7 @@ }, { "fields": { - "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 147 N/A None BodgeIt ", + "content": "CGI Reflected XSS All Clients (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=737)\n\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 57\n**Column:** 405\n**Source Object:** basketId\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 57\n**Column:** 354\n**Source Object:** debug\n**Number:** 57\n**Code:** debug += \" userId = \" + userid + \" basketId = \" + basketId;\n-----\n**Line Number:** 96\n**Column:** 375\n**Source Object:** debug\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n**Line Number:** 96\n**Column:** 362\n**Source Object:** println\n**Number:** 96\n**Code:** out.println(\"DEBUG: \" + debug + \"\");\n-----\n N/A N/A None None S2 None None a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166 /root/register.jsp None None None None None None None None None None 147 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88010,7 +88010,7 @@ }, { "fields": { - "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 223 N/A None BodgeIt ", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 223 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88028,7 +88028,7 @@ }, { "fields": { - "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 91 N/A None BodgeIt ", + "content": "CGI Stored XSS (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=742)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=743)\n\n**Line Number:** 16\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 16\n**Column:** 352\n**Source Object:** rs\n**Number:** 16\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 19\n**Column:** 359\n**Source Object:** rs\n**Number:** 19\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 22\n**Column:** 406\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 369\n**Source Object:** rs\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 22\n**Column:** 381\n**Source Object:** getString\n**Number:** 22\n**Code:** \"\" + rs.getString(\"type\") + \"\" + rs.getInt(\"currentbasketid\") + \"\");\n-----\n**Line Number:** 21\n**Column:** 364\n**Source Object:** println\n**Number:** 21\n**Code:** out.println(\"\" + rs.getInt(\"userid\") + \"\" + rs.getString(\"name\") +\n-----\n N/A N/A None None S2 None None 45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991 /root/admin.jsp None None None None None None None None None None 91 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88046,7 +88046,7 @@ }, { "fields": { - "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 82 N/A None BodgeIt ", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 82 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88064,7 +88064,7 @@ }, { "fields": { - "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 214 N/A None BodgeIt ", + "content": "CGI Stored XSS (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=744)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=745)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=746)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=747)\n\n**Line Number:** 242\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 242\n**Column:** 352\n**Source Object:** rs\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 248\n**Column:** 359\n**Source Object:** rs\n**Number:** 248\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 250\n**Column:** 370\n**Source Object:** rs\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 382\n**Source Object:** getString\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 250\n**Column:** 360\n**Source Object:** product\n**Number:** 250\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 257\n**Column:** 436\n**Source Object:** product\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n**Line Number:** 257\n**Column:** 364\n**Source Object:** println\n**Number:** 257\n**Code:** out.println(\"\" + product + \"\");\n-----\n N/A N/A None None S2 None None 9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242 /root/basket.jsp None None None None None None None None None None 214 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88082,7 +88082,7 @@ }, { "fields": { - "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 96 N/A None BodgeIt ", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 96 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88100,7 +88100,7 @@ }, { "fields": { - "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 228 N/A None BodgeIt ", + "content": "CGI Stored XSS (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=753)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 14\n**Column:** 38\n**Source Object:** getAttribute\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 14\n**Column:** 10\n**Source Object:** username\n**Number:** 14\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 29\n**Column:** 52\n**Source Object:** username\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n**Line Number:** 29\n**Column:** 8\n**Source Object:** println\n**Number:** 29\n**Code:** out.println(\"User: \" + username + \"\");\n-----\n N/A N/A None None S2 None None d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d /root/header.jsp None None None None None None None None None None 228 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88118,7 +88118,7 @@ }, { "fields": { - "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 152 N/A None BodgeIt ", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 152 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88136,7 +88136,7 @@ }, { "fields": { - "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 20 N/A None BodgeIt ", + "content": "CGI Stored XSS (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=750)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=751)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=752)\n\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 353\n**Source Object:** rs\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 26\n**Column:** 357\n**Source Object:** rs\n**Number:** 26\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 28\n**Column:** 371\n**Source Object:** rs\n**Number:** 28\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 29\n**Column:** 368\n**Source Object:** rs\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 380\n**Source Object:** getString\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 29\n**Column:** 361\n**Source Object:** type\n**Number:** 29\n**Code:** String type = rs.getString(\"type\");\n-----\n**Line Number:** 32\n**Column:** 384\n**Source Object:** type\n**Number:** 32\n**Code:** product + \"\" + type + \"\" + nf.format(price) + \"\");\n-----\n**Line Number:** 31\n**Column:** 365\n**Source Object:** println\n**Number:** 31\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7 /root/home.jsp None None None None None None None None None None 20 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88154,7 +88154,7 @@ }, { "fields": { - "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 207 N/A None BodgeIt ", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 207 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88172,7 +88172,7 @@ }, { "fields": { - "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 75 N/A None BodgeIt ", + "content": "CGI Stored XSS (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=754)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=755)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=756)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=757)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=758)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=759)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=760)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=761)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=762)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=763)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=764)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=765)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=766)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=767)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=768)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=769)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=770)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 42\n**Column:** 353\n**Source Object:** rs\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 45\n**Column:** 360\n**Source Object:** rs\n**Number:** 45\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 47\n**Column:** 371\n**Source Object:** rs\n**Number:** 47\n**Code:** String product = rs.getString(\"product\");\n-----\n**Line Number:** 48\n**Column:** 373\n**Source Object:** rs\n**Number:** 48\n**Code:** BigDecimal price = rs.getBigDecimal(\"price\");\n-----\n**Line Number:** 50\n**Column:** 379\n**Source Object:** rs\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 50\n**Column:** 391\n**Source Object:** getString\n**Number:** 50\n**Code:** product + \"\" + rs.getString(\"type\")+\n-----\n**Line Number:** 49\n**Column:** 365\n**Source Object:** println\n**Number:** 49\n**Code:** out.println(\"\" +\n-----\n N/A N/A None None S2 None None 1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20 /root/product.jsp None None None None None None None None None None 75 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88190,7 +88190,7 @@ }, { "fields": { - "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 179 N/A None BodgeIt ", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 179 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88208,7 +88208,7 @@ }, { "fields": { - "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 47 N/A None BodgeIt ", + "content": "CGI Stored XSS (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=771)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=772)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=773)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=774)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=775)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=776)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 353\n**Source Object:** rs\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 17\n**Column:** 360\n**Source Object:** rs\n**Number:** 17\n**Code:** while (rs.next()) {\n-----\n**Line Number:** 19\n**Column:** 375\n**Source Object:** rs\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 387\n**Source Object:** getString\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n**Line Number:** 19\n**Column:** 365\n**Source Object:** println\n**Number:** 19\n**Code:** out.println(\"\" + rs.getString(\"description\") + \"\");\n-----\n N/A N/A None None S2 None None 60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c /root/score.jsp None None None None None None None None None None 47 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88226,7 +88226,7 @@ }, { "fields": { - "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 165 N/A None BodgeIt ", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 165 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88244,7 +88244,7 @@ }, { "fields": { - "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 33 N/A None BodgeIt ", + "content": "Client Cross Frame Scripting Attack (advanced.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** JavaScript\n**Group:** JavaScript Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\n\n**Line Number:** 1\n**Column:** 1\n**Source Object:** CxJSNS_1557034993\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None 51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b /root/advanced.jsp None None None None None None None None None None 33 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88262,7 +88262,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 52 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 52 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88280,7 +88280,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 184 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (admin.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\n\n**Line Number:** 1\n**Column:** 621\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4 /root/admin.jsp None None None None None None None None None None 184 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88298,7 +88298,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 138 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 138 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88316,7 +88316,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 270 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\n\n**Line Number:** 1\n**Column:** 778\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f /root/advanced.jsp None None None None None None None None None None 270 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88334,7 +88334,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp None None None None None None None None None None 272 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\n\n**Line Number:** 1\n**Column:** 680\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e /root/basket.jsp None None None None None None None None None None 272 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88352,7 +88352,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 77 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 77 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88370,7 +88370,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 209 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (header.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\n\n**Line Number:** 87\n**Column:** 10\n**Source Object:** forName\n**Number:** 87\n**Code:** Class.forName(\"org.hsqldb.jdbcDriver\" );\n-----\n N/A N/A None None S2 None None bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2 /root/header.jsp None None None None None None None None None None 209 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88388,7 +88388,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 175 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 175 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88406,7 +88406,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 43 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\n\n**Line Number:** 1\n**Column:** 640\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698 /root/home.jsp None None None None None None None None None None 43 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88424,7 +88424,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 141 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 141 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88442,7 +88442,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 9 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\n\n N/A N/A None None S2 None None a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5 /root/login.jsp None None None None None None None None None None 9 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88460,7 +88460,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 199 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 199 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88478,7 +88478,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 67 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\n\n**Line Number:** 1\n**Column:** 625\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf /root/password.jsp None None None None None None None None None None 67 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88496,7 +88496,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 187 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 187 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88514,7 +88514,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 55 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\n\n**Line Number:** 1\n**Column:** 643\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447 /root/product.jsp None None None None None None None None None None 55 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88532,7 +88532,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 62 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 62 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88550,7 +88550,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 194 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\n\n N/A N/A None None S2 None None 62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f /root/register.jsp None None None None None None None None None None 194 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88568,7 +88568,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 200 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 200 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88586,7 +88586,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 68 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (score.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\n\n N/A N/A None None S2 None None 6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab /root/score.jsp None None None None None None None None None None 68 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88604,7 +88604,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 110 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 110 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88622,7 +88622,7 @@ }, { "fields": { - "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 242 N/A None BodgeIt ", + "content": "Download of Code Without Integrity Check (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** forName\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a /root/search.jsp None None None None None None None None None None 242 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88640,7 +88640,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 117 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 117 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88658,7 +88658,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 249 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (advanced.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n**Line Number:** 1\n**Column:** 860\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S2 None None b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44 /root/advanced.jsp None None None None None None None None None None 249 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88676,7 +88676,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 50 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 50 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88694,7 +88694,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 182 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\n\n**Line Number:** 1\n**Column:** 792\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 762\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n N/A N/A None None S2 None None 4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f /root/basket.jsp None None None None None None None None None None 182 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88712,7 +88712,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 40 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 40 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88730,7 +88730,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 172 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 704\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625 /root/contact.jsp None None None None None None None None None None 172 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88748,7 +88748,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 173 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 173 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88766,7 +88766,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 41 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (dbconnection.jspf) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 643\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904 /root/dbconnection.jspf None None None None None None None None None None 41 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88784,7 +88784,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 24 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 24 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88802,7 +88802,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 156 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 722\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c /root/home.jsp None None None None None None None None None None 156 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88820,7 +88820,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 59 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 59 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88838,7 +88838,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 191 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2619\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d /root/init.jsp None None None None None None None None None None 191 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88856,7 +88856,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 248 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 248 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88874,7 +88874,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 116 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\n\n N/A N/A None None S2 None None fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd /root/login.jsp None None None None None None None None None None 116 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88892,7 +88892,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 34 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 34 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88910,7 +88910,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 166 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\n\n**Line Number:** 1\n**Column:** 737\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 707\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905 /root/password.jsp None None None None None None None None None None 166 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88928,7 +88928,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 148 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 148 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88946,7 +88946,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 16 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (product.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 725\n**Source Object:** getConnection\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33 /root/product.jsp None None None None None None None None None None 16 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88964,7 +88964,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 81 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 81 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -88982,7 +88982,7 @@ }, { "fields": { - "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 213 N/A None BodgeIt ", + "content": "Hardcoded Password in Connection String (search.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S2 None None 775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea /root/search.jsp None None None None None None None None None None 213 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89000,7 +89000,7 @@ }, { "fields": { - "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 265 N/A None BodgeIt ", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 265 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89018,7 +89018,7 @@ }, { "fields": { - "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 133 N/A None BodgeIt ", + "content": "Heap Inspection (init.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\n\n**Line Number:** 1\n**Column:** 563\n**Source Object:** passwordSize\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f /root/init.jsp None None None None None None None None None None 133 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89036,7 +89036,7 @@ }, { "fields": { - "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 54 N/A None BodgeIt ", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 54 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89054,7 +89054,7 @@ }, { "fields": { - "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 186 N/A None BodgeIt ", + "content": "Heap Inspection (login.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\n\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n N/A N/A None None S2 None None 78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2 /root/login.jsp None None None None None None None None None None 186 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89072,7 +89072,7 @@ }, { "fields": { - "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 26 N/A None BodgeIt ", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 26 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89090,7 +89090,7 @@ }, { "fields": { - "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 158 N/A None BodgeIt ", + "content": "Heap Inspection (password.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\n\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e /root/password.jsp None None None None None None None None None None 158 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89108,7 +89108,7 @@ }, { "fields": { - "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 92 N/A None BodgeIt ", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 92 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89126,7 +89126,7 @@ }, { "fields": { - "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 224 N/A None BodgeIt ", + "content": "Heap Inspection (register.jsp) None None N/A Medium **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\n\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** password1\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n N/A N/A None None S2 None None 6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd /root/register.jsp None None None None None None None None None None 224 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89144,7 +89144,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 193 N/A None BodgeIt ", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 193 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89162,7 +89162,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 61 N/A None BodgeIt ", + "content": "HttpOnlyCookies (basket.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\n\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932 /root/basket.jsp None None None None None None None None None None 61 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89180,7 +89180,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 259 N/A None BodgeIt ", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 259 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89198,7 +89198,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 127 N/A None BodgeIt ", + "content": "HttpOnlyCookies (login.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\n\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3 /root/login.jsp None None None None None None None None None None 127 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89216,7 +89216,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 14 N/A None BodgeIt ", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 14 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89234,7 +89234,7 @@ }, { "fields": { - "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 146 N/A None BodgeIt ", + "content": "HttpOnlyCookies (register.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\n\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n N/A N/A None None S2 None None 24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924 /root/register.jsp None None None None None None None None None None 146 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89252,7 +89252,7 @@ }, { "fields": { - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 98 N/A None BodgeIt ", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 98 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89270,7 +89270,7 @@ }, { "fields": { - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 230 N/A None BodgeIt ", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=64)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S2 None None 7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0 /build/WEB-INF/web.xml None None None None None None None None None None 230 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89288,7 +89288,7 @@ }, { "fields": { - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 167 N/A None BodgeIt ", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 167 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89306,7 +89306,7 @@ }, { "fields": { - "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 35 N/A None BodgeIt ", + "content": "HttpOnlyCookies in Config (web.xml) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\n\n N/A N/A None None S2 None None b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c /root/WEB-INF/web.xml None None None None None None None None None None 35 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89324,7 +89324,7 @@ }, { "fields": { - "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 56 N/A None BodgeIt ", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 56 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89342,7 +89342,7 @@ }, { "fields": { - "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 188 N/A None BodgeIt ", + "content": "Session Fixation (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\n\n**Line Number:** 48\n**Column:** 38\n**Source Object:** setAttribute\n**Number:** 48\n**Code:** this.session.setAttribute(\"key\", this.encryptKey);\n-----\n N/A N/A None None S2 None None f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 188 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89360,7 +89360,7 @@ }, { "fields": { - "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 247 N/A None BodgeIt ", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 247 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89378,7 +89378,7 @@ }, { "fields": { - "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 115 N/A None BodgeIt ", + "content": "Session Fixation (logout.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\n\n**Line Number:** 3\n**Column:** 370\n**Source Object:** setAttribute\n**Number:** 3\n**Code:** session.setAttribute(\"username\", null);\n-----\n N/A N/A None None S2 None None 08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10 /root/logout.jsp None None None None None None None None None None 115 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89396,7 +89396,7 @@ }, { "fields": { - "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 28 N/A None BodgeIt ", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 28 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89414,7 +89414,7 @@ }, { "fields": { - "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 160 N/A None BodgeIt ", + "content": "Trust Boundary Violation (login.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S2 None None 9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019 /root/login.jsp None None None None None None None None None None 160 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89432,7 +89432,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp None None None None None None None None None None 274 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (contact.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2 /root/contact.jsp None None None None None None None None None None 274 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89450,7 +89450,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 159 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 159 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89468,7 +89468,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 27 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (home.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195 /root/home.jsp None None None None None None None None None None 27 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89486,7 +89486,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 206 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 206 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89504,7 +89504,7 @@ }, { "fields": { - "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 74 N/A None BodgeIt ", + "content": "Use of Cryptographically Weak PRNG (init.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2 /root/init.jsp None None None None None None None None None None 74 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89522,7 +89522,7 @@ }, { "fields": { - "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 99 N/A None BodgeIt ", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 99 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89540,7 +89540,7 @@ }, { "fields": { - "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 231 N/A None BodgeIt ", + "content": "Use of Hard Coded Cryptographic Key (AES.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\n\n**Line Number:** 50\n**Column:** 43\n**Source Object:** \"\"AES/ECB/NoPadding\"\"\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 42\n**Source Object:** getInstance\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n**Line Number:** 50\n**Column:** 19\n**Source Object:** c2\n**Number:** 50\n**Code:** Cipher c2 = Cipher.getInstance(\"AES/ECB/NoPadding\");\n-----\n N/A N/A None None S2 None None 779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 231 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89558,7 +89558,7 @@ }, { "fields": { - "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 88 N/A None BodgeIt ", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 88 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89576,7 +89576,7 @@ }, { "fields": { - "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 220 N/A None BodgeIt ", + "content": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\n\n**Line Number:** 47\n**Column:** 70\n**Source Object:** 0\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 69\n**Source Object:** substring\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 47\n**Column:** 17\n**Source Object:** encryptKey\n**Number:** 47\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\n-----\n**Line Number:** 17\n**Column:** 374\n**Source Object:** AdvancedSearch\n**Number:** 17\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\n-----\n**Line Number:** 18\n**Column:** 357\n**Source Object:** as\n**Number:** 18\n**Code:** if(as.isAjax()){\n-----\n**Line Number:** 26\n**Column:** 20\n**Source Object:** encryptKey\n**Number:** 26\n**Code:** private String encryptKey = null;\n-----\n N/A N/A None None S2 None None d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 220 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89594,7 +89594,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 257 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 257 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89612,7 +89612,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 125 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (contact.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\n\n**Line Number:** 54\n**Column:** 377\n**Source Object:** random\n**Number:** 54\n**Code:** anticsrf = \"\" + Math.random();\n-----\n N/A N/A None None S2 None None 78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88 /root/contact.jsp None None None None None None None None None None 125 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89630,7 +89630,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None None None None 277 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (home.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\n\n**Line Number:** 24\n**Column:** 469\n**Source Object:** random\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n N/A N/A None None S2 None None 67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a /root/home.jsp None None None None None None None None None None 277 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89648,7 +89648,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 83 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 83 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89666,7 +89666,7 @@ }, { "fields": { - "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 215 N/A None BodgeIt ", + "content": "Use of Insufficiently Random Values (init.jsp) None None N/A Medium **Category:** \n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\n\n**Line Number:** 1\n**Column:** 599\n**Source Object:** random\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S2 None None 2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48 /root/init.jsp None None None None None None None None None None 215 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89684,7 +89684,7 @@ }, { "fields": { - "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 269 N/A None BodgeIt ", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 269 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89702,7 +89702,7 @@ }, { "fields": { - "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 137 N/A None BodgeIt ", + "content": "XSRF (password.jsp) None None N/A Medium **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\n**Language:** Java\n**Group:** Java Medium Threat\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S2 None None 371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473 /root/password.jsp None None None None None None None None None None 137 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -89774,7 +89774,7 @@ }, { "fields": { - "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(\u0026version)\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 326 N/A None BodgeIt ", + "content": "Errors Unhandled.-G104 None None N/A Low Filename: /vagrant/go/src/govwa/setting/setting.go\nLine number: 66\nIssue Confidence: HIGH\n\nCode:\n_ = db.QueryRow(sql).Scan(&version)\n coming soon None None S3 None None 6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed /vagrant/go/src/govwa/setting/setting.go None None None None None None None None None None 326 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90116,7 +90116,7 @@ }, { "fields": { - "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 229 N/A None BodgeIt ", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 229 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90134,7 +90134,7 @@ }, { "fields": { - "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 97 N/A None BodgeIt ", + "content": "Blind SQL Injections (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\n\n**Line Number:** 148\n**Column:** 391\n**Source Object:** \"\"productid\"\"\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 390\n**Source Object:** getParameter\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 148\n**Column:** 358\n**Source Object:** productId\n**Number:** 148\n**Code:** String productId = request.getParameter(\"productid\");\n-----\n**Line Number:** 172\n**Column:** 410\n**Source Object:** productId\n**Number:** 172\n**Code:** \" WHERE basketid=\" + basketId + \" AND productid = \" + productId);\n-----\n**Line Number:** 171\n**Column:** 382\n**Source Object:** prepareStatement\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 171\n**Column:** 354\n**Source Object:** stmt\n**Number:** 171\n**Code:** stmt = conn.prepareStatement(\"UPDATE BasketContents SET quantity = \" + Integer.parseInt(quantity) +\n-----\n**Line Number:** 173\n**Column:** 354\n**Source Object:** stmt\n**Number:** 173\n**Code:** stmt.execute();\n-----\n**Line Number:** 173\n**Column:** 366\n**Source Object:** execute\n**Number:** 173\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31 /root/basket.jsp None None None None None None None None None None 97 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90152,7 +90152,7 @@ }, { "fields": { - "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 79 N/A None BodgeIt ", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 79 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90170,7 +90170,7 @@ }, { "fields": { - "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 211 N/A None BodgeIt ", + "content": "Blind SQL Injections (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\n\n**Line Number:** 8\n**Column:** 398\n**Source Object:** \"\"password\"\"\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 397\n**Source Object:** getParameter\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 8\n**Column:** 357\n**Source Object:** password\n**Number:** 8\n**Code:** String password = (String) request.getParameter(\"password\");\n-----\n**Line Number:** 15\n**Column:** 449\n**Source Object:** password\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551 /root/login.jsp None None None None None None None None None None 211 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90188,7 +90188,7 @@ }, { "fields": { - "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 157 N/A None BodgeIt ", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 157 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90206,7 +90206,7 @@ }, { "fields": { - "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null \u0026\u0026 password1.length() \u003e 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 25 N/A None BodgeIt ", + "content": "Blind SQL Injections (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\n\n**Line Number:** 10\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 10\n**Column:** 357\n**Source Object:** password1\n**Number:** 10\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 15\n**Column:** 375\n**Source Object:** password1\n**Number:** 15\n**Code:** if (password1 != null && password1.length() > 0) {\n-----\n**Line Number:** 16\n**Column:** 358\n**Source Object:** password1\n**Number:** 16\n**Code:** if ( ! password1.equals(password2)) {\n-----\n**Line Number:** 18\n**Column:** 384\n**Source Object:** password1\n**Number:** 18\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 24\n**Column:** 404\n**Source Object:** password1\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None 8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61 /root/password.jsp None None None None None None None None None None 25 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90224,7 +90224,7 @@ }, { "fields": { - "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 240 N/A None BodgeIt ", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 240 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90242,7 +90242,7 @@ }, { "fields": { - "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() \u003c 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 108 N/A None BodgeIt ", + "content": "Blind SQL Injections (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\n\n**Line Number:** 7\n**Column:** 399\n**Source Object:** \"\"password1\"\"\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 7\n**Column:** 398\n**Source Object:** getParameter\n**Number:** 7\n**Code:** String password1 = (String) request.getParameter(\"password1\");\n-----\n**Line Number:** 22\n**Column:** 383\n**Source Object:** password1\n**Number:** 22\n**Code:** } else if (password1 == null || password1.length() < 5) {\n-----\n**Line Number:** 25\n**Column:** 362\n**Source Object:** password1\n**Number:** 25\n**Code:** } else if (password1.equals(password2)) {\n-----\n**Line Number:** 30\n**Column:** 450\n**Source Object:** password1\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336 /root/register.jsp None None None None None None None None None None 108 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90260,7 +90260,7 @@ }, { "fields": { - "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 80 N/A None BodgeIt ", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 80 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90278,7 +90278,7 @@ }, { "fields": { - "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 212 N/A None BodgeIt ", + "content": "Client DOM Open Redirect (advanced.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=66)\n\n**Line Number:** 48\n**Column:** 63\n**Source Object:** href\n**Number:** 48\n**Code:** New Search\n-----\n**Line Number:** 48\n**Column:** 38\n**Source Object:** location\n**Number:** 48\n**Code:** New Search\n-----\n N/A N/A None None S3 None None 3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93 /root/advanced.jsp None None None None None None None None None None 212 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90296,7 +90296,7 @@ }, { "fields": { - "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 149 N/A None BodgeIt ", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 149 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90314,7 +90314,7 @@ }, { "fields": { - "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 17 N/A None BodgeIt ", + "content": "Client Insecure Randomness (encryption.js) None None N/A Low **Category:** \n**Language:** JavaScript\n**Group:** JavaScript Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\n\n**Line Number:** 127\n**Column:** 28\n**Source Object:** random\n**Number:** 127\n**Code:** var h = Math.floor(Math.random() * 65535);\n-----\n N/A N/A None None S3 None None 9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6 /root/js/encryption.js None None None None None None None None None None 17 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90332,7 +90332,7 @@ }, { "fields": { - "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -90350,7 +90350,7 @@ }, { "fields": { - "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", + "content": "Collapse of Data Into Unsafe Value (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=4)\n\n**Line Number:** 19\n**Column:** 379\n**Source Object:** replace\n**Number:** 19\n**Code:** comments = comments.replace(\"\", \"\");\n-----\n**Line Number:** 19\n**Column:** 352\n**Source Object:** comments\n**Number:** 19\n**Code:** comments = comments.replace(\"", "content_type": [ "dojo", "finding" @@ -90368,7 +90368,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 178 N/A None BodgeIt ", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 178 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90386,7 +90386,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%\u003e\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 46 N/A None BodgeIt ", + "content": "Empty Password in Connection String (advanced.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\n\n**Line Number:** 1\n**Column:** 890\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"com.thebodgeitstore.search.AdvancedSearch\"%>\n-----\n N/A N/A None None S3 None None 35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120 /root/advanced.jsp None None None None None None None None None None 46 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90404,7 +90404,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 267 N/A None BodgeIt ", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 267 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90422,7 +90422,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 135 N/A None BodgeIt ", + "content": "Empty Password in Connection String (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\n\n**Line Number:** 1\n**Column:** 734\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6 /root/contact.jsp None None None None None None None None None None 135 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90440,7 +90440,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 190 N/A None BodgeIt ", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 190 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90458,7 +90458,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 58 N/A None BodgeIt ", + "content": "Empty Password in Connection String (dbconnection.jspf) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659 /root/dbconnection.jspf None None None None None None None None None None 58 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90476,7 +90476,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 71 N/A None BodgeIt ", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 71 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90494,7 +90494,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 203 N/A None BodgeIt ", + "content": "Empty Password in Connection String (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\n\n**Line Number:** 89\n**Column:** 1\n**Source Object:** \"\"\"\"\n**Number:** 89\n**Code:** c = DriverManager.getConnection(\"jdbc:hsqldb:mem:SQL\", \"sa\", \"\");\n-----\n N/A N/A None None S3 None None 66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e /root/header.jsp None None None None None None None None None None 203 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90512,7 +90512,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 64 N/A None BodgeIt ", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 64 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90530,7 +90530,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 196 N/A None BodgeIt ", + "content": "Empty Password in Connection String (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\n\n**Line Number:** 1\n**Column:** 752\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36 /root/home.jsp None None None None None None None None None None 196 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90548,7 +90548,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 53 N/A None BodgeIt ", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 53 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90566,7 +90566,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 185 N/A None BodgeIt ", + "content": "Empty Password in Connection String (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\n\n**Line Number:** 1\n**Column:** 2649\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841 /root/init.jsp None None None None None None None None None None 185 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90584,7 +90584,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 123 N/A None BodgeIt ", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 123 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90602,7 +90602,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 255 N/A None BodgeIt ", + "content": "Empty Password in Connection String (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\n\n N/A N/A None None S3 None None eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296 /root/login.jsp None None None None None None None None None None 255 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90620,7 +90620,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 31 N/A None BodgeIt ", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 31 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90638,7 +90638,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 163 N/A None BodgeIt ", + "content": "Empty Password in Connection String (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\n\n**Line Number:** 1\n**Column:** 755\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f /root/product.jsp None None None None None None None None None None 163 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90656,7 +90656,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 42 N/A None BodgeIt ", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 42 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90674,7 +90674,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 174 N/A None BodgeIt ", + "content": "Empty Password in Connection String (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\n\n N/A N/A None None S3 None None 8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653 /root/register.jsp None None None None None None None None None None 174 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90692,7 +90692,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 120 N/A None BodgeIt ", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 120 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90710,7 +90710,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 252 N/A None BodgeIt ", + "content": "Empty Password in Connection String (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\n\n N/A N/A None None S3 None None 6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44 /root/score.jsp None None None None None None None None None None 252 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90728,7 +90728,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 244 N/A None BodgeIt ", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 244 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90746,7 +90746,7 @@ }, { "fields": { - "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 112 N/A None BodgeIt ", + "content": "Empty Password in Connection String (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\n\n**Line Number:** 1\n**Column:** 785\n**Source Object:** \"\"\"\"\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n N/A N/A None None S3 None None 63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95 /root/search.jsp None None None None None None None None None None 112 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90764,7 +90764,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 204 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 204 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90782,7 +90782,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 72 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (FunctionalZAP.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\n\n**Line Number:** 31\n**Column:** 37\n**Source Object:** getProperty\n**Number:** 31\n**Code:** String target = System.getProperty(\"zap.targetApp\");\n-----\n N/A N/A None None S3 None None 174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725 /src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java None None None None None None None None None None 72 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90800,7 +90800,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp None None None None None None None None None None 273 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\n\n**Line Number:** 12\n**Column:** 383\n**Source Object:** execute\n**Number:** 12\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\");\n-----\n N/A N/A None None S3 None None 5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099 /root/admin.jsp None None None None None None None None None None 273 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90818,7 +90818,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 201 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 201 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90836,7 +90836,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 69 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\n\n**Line Number:** 55\n**Column:** 385\n**Source Object:** executeQuery\n**Number:** 55\n**Code:** ResultSet rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE basketid = \" + basketId);\n-----\n N/A N/A None None S3 None None 76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f /root/basket.jsp None None None None None None None None None None 69 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90854,7 +90854,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 119 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 119 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90872,7 +90872,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 251 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\n\n**Line Number:** 91\n**Column:** 14\n**Source Object:** executeQuery\n**Number:** 91\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9 /root/header.jsp None None None None None None None None None None 251 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90890,7 +90890,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 237 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 237 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90908,7 +90908,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 105 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\n\n**Line Number:** 14\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17 /root/home.jsp None None None None None None None None None None 105 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90926,7 +90926,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 95 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 95 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90944,7 +90944,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 227 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (init.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\n\n**Line Number:** 1\n**Column:** 3261\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610 /root/init.jsp None None None None None None None None None None 227 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90962,7 +90962,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 250 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 250 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90980,7 +90980,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 118 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n N/A N/A None None S3 None None 70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1 /root/login.jsp None None None None None None None None None None 118 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -90998,7 +90998,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 32 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 32 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91016,7 +91016,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 164 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (password.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\n\n**Line Number:** 24\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 24\n**Code:** stmt.executeQuery(\"UPDATE Users set password= '\" + password1 + \"' where name = '\" + username + \"'\");\n-----\n N/A N/A None None S3 None None c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a /root/password.jsp None None None None None None None None None None 164 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91034,7 +91034,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 198 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 198 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91052,7 +91052,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 66 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\n\n**Line Number:** 42\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 42\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628 /root/product.jsp None None None None None None None None None None 66 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91070,7 +91070,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 271 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 271 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91088,7 +91088,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 139 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\n\n**Line Number:** 29\n**Column:** 370\n**Source Object:** executeQuery\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n N/A N/A None None S3 None None d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5 /root/register.jsp None None None None None None None None None None 139 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91106,7 +91106,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 246 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 246 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91124,7 +91124,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 114 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\n\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40 /root/score.jsp None None None None None None None None None None 114 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91142,7 +91142,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 104 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 104 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91160,7 +91160,7 @@ }, { "fields": { - "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 236 N/A None BodgeIt ", + "content": "Improper Resource Access Authorization (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\n\n**Line Number:** 14\n**Column:** 396\n**Source Object:** execute\n**Number:** 14\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\");\n-----\n N/A N/A None None S3 None None b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10 /root/search.jsp None None None None None None None None None None 236 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91178,7 +91178,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 36 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 36 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91196,7 +91196,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 168 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\n\n**Line Number:** 40\n**Column:** 13\n**Source Object:** connection\n**Number:** 40\n**Code:** this.connection = conn;\n-----\n**Line Number:** 43\n**Column:** 31\n**Source Object:** getParameters\n**Number:** 43\n**Code:** this.getParameters();\n-----\n**Line Number:** 44\n**Column:** 28\n**Source Object:** setResults\n**Number:** 44\n**Code:** this.setResults();\n-----\n**Line Number:** 188\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 188\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\n-----\n**Line Number:** 198\n**Column:** 61\n**Source Object:** isAjax\n**Number:** 198\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\", \") : result.getTrHTML());\n-----\n**Line Number:** 201\n**Column:** 39\n**Source Object:** isAjax\n**Number:** 201\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\n-----\n**Line Number:** 45\n**Column:** 27\n**Source Object:** setScores\n**Number:** 45\n**Code:** this.setScores();\n-----\n**Line Number:** 129\n**Column:** 28\n**Source Object:** isDebug\n**Number:** 129\n**Code:** if(this.isDebug()){\n-----\n**Line Number:** 130\n**Column:** 21\n**Source Object:** connection\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 48\n**Source Object:** createStatement\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 130\n**Column:** 58\n**Source Object:** execute\n**Number:** 130\n**Code:** this.connection.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 168 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91214,7 +91214,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 106 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 106 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91232,7 +91232,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 238 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (admin.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\n\n**Line Number:** 1\n**Column:** 669\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1589\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 15\n**Column:** 359\n**Source Object:** conn\n**Number:** 15\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Users\");\n-----\n**Line Number:** 27\n**Column:** 359\n**Source Object:** conn\n**Number:** 27\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Baskets\");\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** conn\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 39\n**Column:** 352\n**Source Object:** stmt\n**Number:** 39\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents\");\n-----\n**Line Number:** 40\n**Column:** 357\n**Source Object:** stmt\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 40\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 40\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6 /root/admin.jsp None None None None None None None None None None 238 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91250,7 +91250,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 245 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 245 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91268,7 +91268,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 132 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 132 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91286,7 +91286,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 210 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 210 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91304,7 +91304,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 113 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\n\n**Line Number:** 1\n**Column:** 670\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1590\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 12\n**Column:** 368\n**Source Object:** conn\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 388\n**Source Object:** createStatement\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 12\n**Column:** 361\n**Source Object:** stmt\n**Number:** 12\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 15\n**Column:** 357\n**Source Object:** stmt\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 383\n**Source Object:** getInt\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 21\n**Column:** 360\n**Source Object:** userid\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 23\n**Column:** 384\n**Source Object:** userid\n**Number:** 23\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n**Line Number:** 37\n**Column:** 396\n**Source Object:** getAttribute\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 37\n**Column:** 358\n**Source Object:** userid\n**Number:** 37\n**Code:** String userid = (String) session.getAttribute(\"userid\");\n-----\n**Line Number:** 110\n**Column:** 420\n**Source Object:** userid\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 376\n**Source Object:** executeQuery\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 110\n**Column:** 354\n**Source Object:** rs\n**Number:** 110\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Baskets WHERE (userid = \" + userid + \")\");\n-----\n**Line Number:** 111\n**Column:** 354\n**Source Object:** rs\n**Number:** 111\n**Code:** rs.next();\n-----\n**Line Number:** 112\n**Column:** 370\n**Source Object:** rs\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 379\n**Source Object:** getInt\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 112\n**Column:** 354\n**Source Object:** basketId\n**Number:** 112\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 113 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91322,7 +91322,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"java.net.URL\"%\u003e\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 78 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\n\n**Line Number:** 1\n**Column:** 728\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 1\n**Column:** 1648\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"java.net.URL\"%>\n-----\n**Line Number:** 53\n**Column:** 369\n**Source Object:** conn\n**Number:** 53\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 240\n**Column:** 359\n**Source Object:** conn\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 274\n**Column:** 353\n**Source Object:** stmt\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 274\n**Column:** 365\n**Source Object:** execute\n**Number:** 274\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 78 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91340,7 +91340,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 264 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\n\n**Line Number:** 1\n**Column:** 673\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1593\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 26\n**Column:** 369\n**Source Object:** conn\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 26\n**Column:** 362\n**Source Object:** stmt\n**Number:** 26\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 29\n**Column:** 353\n**Source Object:** stmt\n**Number:** 29\n**Code:** stmt.executeQuery(\"INSERT INTO Users (name, type, password) VALUES ('\" + username + \"', 'USER', '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 358\n**Source Object:** stmt\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 30\n**Column:** 353\n**Source Object:** rs\n**Number:** 30\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password1 + \"')\");\n-----\n**Line Number:** 31\n**Column:** 353\n**Source Object:** rs\n**Number:** 31\n**Code:** rs.next();\n-----\n**Line Number:** 32\n**Column:** 368\n**Source Object:** rs\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 377\n**Source Object:** getInt\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 32\n**Column:** 353\n**Source Object:** userid\n**Number:** 32\n**Code:** userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 36\n**Column:** 384\n**Source Object:** userid\n**Number:** 36\n**Code:** session.setAttribute(\"userid\", userid);\n-----\n N/A N/A None None S3 None None db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1 /root/basket.jsp None None None None None None None None None None 264 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91358,7 +91358,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp None None None None None None None None None None 275 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\n\n**Line Number:** 24\n**Column:** 377\n**Source Object:** conn\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 398\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 24\n**Column:** 370\n**Source Object:** stmt\n**Number:** 24\n**Code:** PreparedStatement stmt = conn.prepareStatement(\"INSERT INTO Comments (name, comment) VALUES (?, ?)\");\n-----\n**Line Number:** 27\n**Column:** 353\n**Source Object:** stmt\n**Number:** 27\n**Code:** stmt.setString(1, username);\n-----\n**Line Number:** 28\n**Column:** 353\n**Source Object:** stmt\n**Number:** 28\n**Code:** stmt.setString(2, comments);\n-----\n**Line Number:** 29\n**Column:** 365\n**Source Object:** execute\n**Number:** 29\n**Code:** stmt.execute();\n-----\n N/A N/A None None S3 None None 82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b /root/contact.jsp None None None None None None None None None None 275 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91376,7 +91376,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 144 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 144 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91394,7 +91394,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 12 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (home.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\n\n**Line Number:** 1\n**Column:** 688\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1608\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 13\n**Column:** 359\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT COUNT (*) FROM Products\");\n-----\n**Line Number:** 24\n**Column:** 360\n**Source Object:** conn\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 24\n**Column:** 353\n**Source Object:** stmt\n**Number:** 24\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \" + ((int)(Math.random() * count) + 1) + \" AND Products.typeid = ProductTypes.typeid\");\n-----\n**Line Number:** 25\n**Column:** 358\n**Source Object:** stmt\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 25\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 25\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27 /root/home.jsp None None None None None None None None None None 12 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91412,7 +91412,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 76 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 76 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91430,7 +91430,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 208 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (init.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\n\n**Line Number:** 1\n**Column:** 2588\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2872\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 2975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3278\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3375\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3473\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3575\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3673\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3769\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3866\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 3972\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4357\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4511\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4668\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4823\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 4975\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5127\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5279\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5431\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5583\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5733\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 5883\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6033\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6183\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6333\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6483\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6633\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6783\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 6940\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7096\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7257\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7580\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7730\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 7880\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8029\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8179\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8340\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8495\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8656\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8813\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 8966\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9121\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9272\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9653\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9814\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 9976\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10140\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10419\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10506\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10846\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 10986\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11126\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11266\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11407\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11761\n**Source Object:** c\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11779\n**Source Object:** prepareStatement\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 11899\n**Source Object:** execute\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n N/A N/A None None S3 None None 2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2 /root/init.jsp None None None None None None None None None None 208 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91448,7 +91448,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 253 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 253 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91466,7 +91466,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 121 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\n\n**Line Number:** 21\n**Column:** 369\n**Source Object:** conn\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 389\n**Source Object:** createStatement\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 21\n**Column:** 362\n**Source Object:** stmt\n**Number:** 21\n**Code:** Statement stmt = conn.createStatement();\n-----\n N/A N/A None None S3 None None 97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d /root/password.jsp None None None None None None None None None None 121 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91484,7 +91484,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 122 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 122 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91502,7 +91502,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@ page import=\"java.sql.*\" %\u003e\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 254 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\n\n**Line Number:** 1\n**Column:** 691\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 1\n**Column:** 1611\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@ page import=\"java.sql.*\" %>\n-----\n**Line Number:** 97\n**Column:** 353\n**Source Object:** conn\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 373\n**Source Object:** createStatement\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n**Line Number:** 97\n**Column:** 383\n**Source Object:** execute\n**Number:** 97\n**Code:** conn.createStatement().execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28 /root/product.jsp None None None None None None None None None None 254 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91520,7 +91520,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 232 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 232 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91538,7 +91538,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 100 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (score.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\n\n**Line Number:** 13\n**Column:** 360\n**Source Object:** conn\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 381\n**Source Object:** prepareStatement\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 13\n**Column:** 353\n**Source Object:** stmt\n**Number:** 13\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM Score ORDER by scoreid\");\n-----\n**Line Number:** 14\n**Column:** 358\n**Source Object:** stmt\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 14\n**Column:** 375\n**Source Object:** executeQuery\n**Number:** 14\n**Code:** rs = stmt.executeQuery();\n-----\n N/A N/A None None S3 None None 326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201 /root/score.jsp None None None None None None None None None None 100 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91556,7 +91556,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 93 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 93 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91574,7 +91574,7 @@ }, { "fields": { - "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** \u003c%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%\u003e\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 225 N/A None BodgeIt ", + "content": "Improper Resource Shutdown or Release (search.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\n\n**Line Number:** 1\n**Column:** 721\n**Source Object:** conn\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 1\n**Column:** 1641\n**Source Object:** jspInit\n**Number:** 1\n**Code:** <%@page import=\"org.apache.commons.lang3.StringEscapeUtils\"%>\n-----\n**Line Number:** 20\n**Column:** 371\n**Source Object:** conn\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 391\n**Source Object:** createStatement\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 20\n**Column:** 364\n**Source Object:** stmt\n**Number:** 20\n**Code:** Statement stmt = conn.createStatement();\n-----\n**Line Number:** 34\n**Column:** 357\n**Source Object:** stmt\n**Number:** 34\n**Code:** rs = stmt.executeQuery(sql);\n-----\n**Line Number:** 57\n**Column:** 365\n**Source Object:** execute\n**Number:** 57\n**Code:** stmt.execute(\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\");\n-----\n N/A N/A None None S3 None None 763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992 /root/search.jsp None None None None None None None None None None 225 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91592,7 +91592,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 143 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 143 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91610,7 +91610,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 11 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (AdvancedSearch.java) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\n\n**Line Number:** 132\n**Column:** 28\n**Source Object:** e\n**Number:** 132\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 134\n**Column:** 13\n**Source Object:** e\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n**Line Number:** 134\n**Column:** 30\n**Source Object:** printStackTrace\n**Number:** 134\n**Code:** e.printStackTrace(new PrintWriter(sw));\n-----\n N/A N/A None None S3 None None 21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 11 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91628,7 +91628,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 29 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 29 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91646,7 +91646,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 161 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (admin.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=703)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=704)\n\n**Line Number:** 52\n**Column:** 373\n**Source Object:** e\n**Number:** 52\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 53\n**Column:** 387\n**Source Object:** e\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n**Line Number:** 53\n**Column:** 363\n**Source Object:** println\n**Number:** 53\n**Code:** out.println(\"System error.\" + e);\n-----\n N/A N/A None None S3 None None fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00 /root/admin.jsp None None None None None None None None None None 161 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91664,7 +91664,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 235 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 235 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91682,7 +91682,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 103 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=705)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=706)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=707)\n\n**Line Number:** 62\n**Column:** 371\n**Source Object:** e\n**Number:** 62\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 65\n**Column:** 391\n**Source Object:** e\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 65\n**Column:** 365\n**Source Object:** println\n**Number:** 65\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd /root/basket.jsp None None None None None None None None None None 103 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91700,7 +91700,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 49 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 49 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91718,7 +91718,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 181 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (contact.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=708)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=709)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=710)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=711)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=712)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=713)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=714)\n\n**Line Number:** 72\n**Column:** 370\n**Source Object:** e\n**Number:** 72\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 75\n**Column:** 390\n**Source Object:** e\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 75\n**Column:** 364\n**Source Object:** println\n**Number:** 75\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c /root/contact.jsp None None None None None None None None None None 181 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91736,7 +91736,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 129 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 129 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91754,7 +91754,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 261 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (header.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=702)\n\n**Line Number:** 96\n**Column:** 18\n**Source Object:** e\n**Number:** 96\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 99\n**Column:** 28\n**Source Object:** e\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 99\n**Column:** 9\n**Source Object:** println\n**Number:** 99\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215 /root/header.jsp None None None None None None None None None None 261 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91772,7 +91772,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 176 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 176 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91790,7 +91790,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 44 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (home.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=715)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=716)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=717)\n\n**Line Number:** 39\n**Column:** 373\n**Source Object:** e\n**Number:** 39\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 41\n**Column:** 390\n**Source Object:** e\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 41\n**Column:** 364\n**Source Object:** println\n**Number:** 41\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63 /root/home.jsp None None None None None None None None None None 44 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91808,7 +91808,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 256 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 256 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91826,7 +91826,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 124 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (login.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=718)\n\n**Line Number:** 60\n**Column:** 370\n**Source Object:** e\n**Number:** 60\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 63\n**Column:** 390\n**Source Object:** e\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 63\n**Column:** 364\n**Source Object:** println\n**Number:** 63\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb /root/login.jsp None None None None None None None None None None 124 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91844,7 +91844,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 136 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 136 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91862,7 +91862,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 268 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (product.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=719)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=720)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=721)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=722)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=723)\n\n**Line Number:** 95\n**Column:** 373\n**Source Object:** e\n**Number:** 95\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 98\n**Column:** 390\n**Source Object:** e\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 98\n**Column:** 364\n**Source Object:** println\n**Number:** 98\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49 /root/product.jsp None None None None None None None None None None 268 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91880,7 +91880,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 94 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 94 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91898,7 +91898,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") \u003e= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 226 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (register.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=724)\n\n**Line Number:** 64\n**Column:** 374\n**Source Object:** e\n**Number:** 64\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 65\n**Column:** 357\n**Source Object:** e\n**Number:** 65\n**Code:** if (e.getMessage().indexOf(\"Unique constraint violation\") >= 0) {\n-----\n**Line Number:** 70\n**Column:** 392\n**Source Object:** e\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 70\n**Column:** 366\n**Source Object:** println\n**Number:** 70\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19 /root/register.jsp None None None None None None None None None None 226 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91916,7 +91916,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 219 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 219 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91934,7 +91934,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 87 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (score.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=725)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=726)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=727)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=728)\n\n**Line Number:** 35\n**Column:** 373\n**Source Object:** e\n**Number:** 35\n**Code:** } catch (SQLException e) {\n-----\n**Line Number:** 37\n**Column:** 390\n**Source Object:** e\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 37\n**Column:** 364\n**Source Object:** println\n**Number:** 37\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9 /root/score.jsp None None None None None None None None None None 87 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91952,7 +91952,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 107 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 107 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91970,7 +91970,7 @@ }, { "fields": { - "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 239 N/A None BodgeIt ", + "content": "Information Exposure Through an Error Message (search.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=729)\n\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=730)\n\n**Line Number:** 55\n**Column:** 377\n**Source Object:** e\n**Number:** 55\n**Code:** } catch (Exception e) {\n-----\n**Line Number:** 58\n**Column:** 390\n**Source Object:** e\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n**Line Number:** 58\n**Column:** 364\n**Source Object:** println\n**Number:** 58\n**Code:** out.println(\"DEBUG System error: \" + e + \"\");\n-----\n N/A N/A None None S3 None None 641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2 /root/search.jsp None None None None None None None None None None 239 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -91988,7 +91988,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 84 N/A None BodgeIt ", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 84 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92006,7 +92006,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 142 N/A None BodgeIt ", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 142 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92024,7 +92024,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 216 N/A None BodgeIt ", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=83)\n\n**Line Number:** 1\n**Column:** 301\n**Source Object:** CxXmlConfigClass419518315\n**Number:** 1\n**Code:** \n-----\n N/A N/A None None S3 None None 5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3 /build/WEB-INF/web.xml None None None None None None None None None None 216 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92042,7 +92042,7 @@ }, { "fields": { - "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 10 N/A None BodgeIt ", + "content": "Missing X Frame Options (web.xml) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\n\n N/A N/A None None S3 None None 418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869 /root/WEB-INF/web.xml None None None None None None None None None None 10 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92060,7 +92060,7 @@ }, { "fields": { - "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 153 N/A None BodgeIt ", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 153 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92078,7 +92078,7 @@ }, { "fields": { - "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 21 N/A None BodgeIt ", + "content": "Not Using a Random IV With CBC Mode (AES.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\n\n**Line Number:** 96\n**Column:** 71\n**Source Object:** ivBytes\n**Number:** 96\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\n-----\n N/A N/A None None S3 None None e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c /src/com/thebodgeitstore/util/AES.java None None None None None None None None None None 21 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92096,7 +92096,7 @@ }, { "fields": { - "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 180 N/A None BodgeIt ", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 180 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92114,7 +92114,7 @@ }, { "fields": { - "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 48 N/A None BodgeIt ", + "content": "Plaintext Storage in a Cookie (basket.jsp) None None N/A Low **Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\n\n**Line Number:** 82\n**Column:** 364\n**Source Object:** \"\"\"\"\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 82\n**Column:** 353\n**Source Object:** basketId\n**Number:** 82\n**Code:** basketId = \"\" + rs.getInt(\"basketid\");\n-----\n**Line Number:** 84\n**Column:** 391\n**Source Object:** basketId\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81 /root/basket.jsp None None None None None None None None None None 48 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92132,7 +92132,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 70 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 70 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92150,7 +92150,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 202 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=75)\n\n**Line Number:** 262\n**Column:** 399\n**Source Object:** format\n**Number:** 262\n**Code:** out.println(\"\" + nf.format(pricetopay) + \"\");\n-----\n N/A N/A None None S3 None None 3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a /root/basket.jsp None None None None None None None None None None 202 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92168,7 +92168,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 130 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 130 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92186,7 +92186,7 @@ }, { "fields": { - "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 262 N/A None BodgeIt ", + "content": "Race Condition Format Flaw (product.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=79)\n\n**Line Number:** 51\n**Column:** 400\n**Source Object:** format\n**Number:** 51\n**Code:** \"\" + nf.format(price) + \"\");\n-----\n N/A N/A None None S3 None None b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1 /root/product.jsp None None None None None None None None None None 262 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92204,7 +92204,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 30 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 30 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92222,7 +92222,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 162 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (basket.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\n\n**Line Number:** 38\n**Column:** 388\n**Source Object:** getCookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 360\n**Source Object:** cookies\n**Number:** 38\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 41\n**Column:** 373\n**Source Object:** cookies\n**Number:** 41\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 42\n**Column:** 392\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 42\n**Column:** 357\n**Source Object:** cookie\n**Number:** 42\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 43\n**Column:** 365\n**Source Object:** cookie\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 380\n**Source Object:** getValue\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 43\n**Column:** 354\n**Source Object:** basketId\n**Number:** 43\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 240\n**Column:** 440\n**Source Object:** basketId\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 380\n**Source Object:** prepareStatement\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 240\n**Column:** 352\n**Source Object:** stmt\n**Number:** 240\n**Code:** stmt = conn.prepareStatement(\"SELECT * FROM BasketContents, Products where basketid=\" + basketId +\n-----\n**Line Number:** 242\n**Column:** 357\n**Source Object:** stmt\n**Number:** 242\n**Code:** rs = stmt.executeQuery();\n-----\n**Line Number:** 280\n**Column:** 356\n**Source Object:** stmt\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n**Line Number:** 280\n**Column:** 361\n**Source Object:** !=\n**Number:** 280\n**Code:** if (stmt != null) {\n-----\n N/A N/A None None S3 None None bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717 /root/basket.jsp None None None None None None None None None None 162 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92240,7 +92240,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 109 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 109 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92258,7 +92258,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 241 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\n\n**Line Number:** 35\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 35\n**Column:** 362\n**Source Object:** cookies\n**Number:** 35\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 38\n**Column:** 375\n**Source Object:** cookies\n**Number:** 38\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 39\n**Column:** 394\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 39\n**Column:** 359\n**Source Object:** cookie\n**Number:** 39\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 40\n**Column:** 367\n**Source Object:** cookie\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 382\n**Source Object:** getValue\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 40\n**Column:** 356\n**Source Object:** basketId\n**Number:** 40\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 45\n**Column:** 357\n**Source Object:** basketId\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 45\n**Column:** 366\n**Source Object:** !=\n**Number:** 45\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9 /root/login.jsp None None None None None None None None None None 241 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92276,7 +92276,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 221 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 221 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92294,7 +92294,7 @@ }, { "fields": { - "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") \u0026\u0026 cookie.getValue().length() \u003e 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 89 N/A None BodgeIt ", + "content": "Reliance on Cookies in a Decision (register.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\n\n**Line Number:** 46\n**Column:** 390\n**Source Object:** getCookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 46\n**Column:** 362\n**Source Object:** cookies\n**Number:** 46\n**Code:** Cookie[] cookies = request.getCookies();\n-----\n**Line Number:** 49\n**Column:** 375\n**Source Object:** cookies\n**Number:** 49\n**Code:** for (Cookie cookie : cookies) {\n-----\n**Line Number:** 50\n**Column:** 394\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 50\n**Column:** 359\n**Source Object:** cookie\n**Number:** 50\n**Code:** if (cookie.getName().equals(\"b_id\") && cookie.getValue().length() > 0) {\n-----\n**Line Number:** 51\n**Column:** 367\n**Source Object:** cookie\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 382\n**Source Object:** getValue\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 51\n**Column:** 356\n**Source Object:** basketId\n**Number:** 51\n**Code:** basketId = cookie.getValue();\n-----\n**Line Number:** 56\n**Column:** 357\n**Source Object:** basketId\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n**Line Number:** 56\n**Column:** 366\n**Source Object:** !=\n**Number:** 56\n**Code:** if (basketId != null) {\n-----\n N/A N/A None None S3 None None 84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41 /root/register.jsp None None None None None None None None None None 89 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92312,7 +92312,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 218 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 218 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92330,7 +92330,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 86 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\n\n**Line Number:** 84\n**Column:** 372\n**Source Object:** Cookie\n**Number:** 84\n**Code:** response.addCookie(new Cookie(\"b_id\", basketId));\n-----\n N/A N/A None None S3 None None 7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb /root/basket.jsp None None None None None None None None None None 86 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92348,7 +92348,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 37 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 37 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92366,7 +92366,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 169 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\n\n**Line Number:** 56\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 56\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None 0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03 /root/login.jsp None None None None None None None None None None 169 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92384,7 +92384,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 128 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 128 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92402,7 +92402,7 @@ }, { "fields": { - "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 260 N/A None BodgeIt ", + "content": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp) None None N/A Low **Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\n\n**Line Number:** 61\n**Column:** 373\n**Source Object:** Cookie\n**Number:** 61\n**Code:** response.addCookie(new Cookie(\"b_id\", \"\"));\n-----\n N/A N/A None None S3 None None ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99 /root/register.jsp None None None None None None None None None None 260 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92420,7 +92420,7 @@ }, { "fields": { - "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 23 N/A None BodgeIt ", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 23 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92438,7 +92438,7 @@ }, { "fields": { - "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 155 N/A None BodgeIt ", + "content": "Stored Boundary Violation (login.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Stored\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\n\n**Line Number:** 15\n**Column:** 374\n**Source Object:** executeQuery\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 15\n**Column:** 352\n**Source Object:** rs\n**Number:** 15\n**Code:** rs = stmt.executeQuery(\"SELECT * FROM Users WHERE (name = '\" + username + \"' AND password = '\" + password + \"')\");\n-----\n**Line Number:** 16\n**Column:** 356\n**Source Object:** rs\n**Number:** 16\n**Code:** if (rs.next()) {\n-----\n**Line Number:** 21\n**Column:** 374\n**Source Object:** rs\n**Number:** 21\n**Code:** String userid = \"\" + rs.getInt(\"userid\");\n-----\n**Line Number:** 22\n**Column:** 386\n**Source Object:** rs\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n**Line Number:** 22\n**Column:** 398\n**Source Object:** getString\n**Number:** 22\n**Code:** session.setAttribute(\"username\", rs.getString(\"name\"));\n-----\n N/A N/A None None S3 None None b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca /root/login.jsp None None None None None None None None None None 155 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92456,7 +92456,7 @@ }, { "fields": { - "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 205 N/A None BodgeIt ", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 205 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92474,7 +92474,7 @@ }, { "fields": { - "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 73 N/A None BodgeIt ", + "content": "Suspected XSS (contact.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=314)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=315)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=316)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=317)\n\n**Line Number:** 7\n**Column:** 357\n**Source Object:** username\n**Number:** 7\n**Code:** String username = (String) session.getAttribute(\"username\");\n-----\n**Line Number:** 89\n**Column:** 356\n**Source Object:** username\n**Number:** 89\n**Code:** \n-----\n N/A N/A None None S3 None None cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a /root/contact.jsp None None None None None None None None None None 73 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92492,7 +92492,7 @@ }, { "fields": { - "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003c%=username%\u003e\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 171 N/A None BodgeIt ", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 171 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92510,7 +92510,7 @@ }, { "fields": { - "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid;=44\u0026pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** \u003c%=username%\u003e\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 39 N/A None BodgeIt ", + "content": "Suspected XSS (password.jsp) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=318)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=319)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=320)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=321)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=322)\n\n**Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid;=44&pathid;=323)\n\n**Line Number:** 57\n**Column:** 360\n**Source Object:** username\n**Number:** 57\n**Code:** <%=username%>\n-----\n N/A N/A None None S3 None None ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17 /root/password.jsp None None None None None None None None None None 39 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92528,7 +92528,7 @@ }, { "fields": { - "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 243 N/A None BodgeIt ", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 243 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92546,7 +92546,7 @@ }, { "fields": { - "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074\u0026projectid=44\u0026pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 111 N/A None BodgeIt ", + "content": "Unsynchronized Access to Shared Data (AdvancedSearch.java) None None N/A Low **Category:** \n**Language:** Java\n**Group:** Java Low Visibility\n**Status:** New\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\n\n**Line Number:** 93\n**Column:** 24\n**Source Object:** jsonEmpty\n**Number:** 93\n**Code:** return this.jsonEmpty;\n-----\n N/A N/A None None S3 None None dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87 /src/com/thebodgeitstore/search/AdvancedSearch.java None None None None None None None None None None 111 N/A None BodgeIt ", "content_type": [ "dojo", "finding" @@ -92960,7 +92960,7 @@ }, { "fields": { - "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers high web production purchased 3 Billing", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable\u2014where the company enters money received\r\n* Accounts payable\u2014where the company enters its bills and pays money it owes\r\n* General ledger\u2014the company's \"books\"\r\n* Billing\u2014where the company produces invoices to clients/customers high web production purchased 3 Billing", "content_type": [ "dojo", "product" @@ -93348,4 +93348,4 @@ "model": "authtoken.token", "pk": "6d45bc1d2e5cea8c4559edd68f910cc485f61708" } -] +] \ No newline at end of file diff --git a/dojo/group/utils.py b/dojo/group/utils.py index d2245dac2a6..bf3fd65e9c5 100644 --- a/dojo/group/utils.py +++ b/dojo/group/utils.py @@ -1,5 +1,4 @@ from crum import get_current_user -from django.conf import settings from django.contrib.auth.models import Group from django.db.models.signals import post_delete, post_save from django.dispatch import receiver @@ -32,7 +31,7 @@ def group_post_save_handler(sender, **kwargs): group.auth_group = auth_group group.save() user = get_current_user() - if user and not settings.AZUREAD_TENANT_OAUTH2_GET_GROUPS: + if user and not group.social_provider: # Add the current user as the owner of the group member = Dojo_Group_Member() member.user = user diff --git a/dojo/location/models.py b/dojo/location/models.py index b0446673f33..3ab313ace87 100644 --- a/dojo/location/models.py +++ b/dojo/location/models.py @@ -2,7 +2,6 @@ from typing import TYPE_CHECKING, Self, TypeVar -from auditlog.registry import auditlog from django.db import transaction from django.db.models import ( CASCADE, @@ -34,7 +33,6 @@ ) from dojo.location.status import FindingLocationStatus, ProductLocationStatus from dojo.models import Dojo_User, Finding, Product, _manage_inherited_tags, copy_model_util -from dojo.settings import settings from dojo.tools.locations import LocationAssociationData if TYPE_CHECKING: @@ -454,7 +452,3 @@ class Meta: def __str__(self) -> str: """Return the string representation of a LocationProductReference.""" return f"{self.location} - Product: {self.product} ({self.status})" - - -if settings.ENABLE_AUDITLOG: - auditlog.register(Location) diff --git a/dojo/management/commands/csv_findings_export.py b/dojo/management/commands/csv_findings_export.py index c90106ecc4b..839fd540320 100644 --- a/dojo/management/commands/csv_findings_export.py +++ b/dojo/management/commands/csv_findings_export.py @@ -23,30 +23,31 @@ def handle(self, *args, **options): findings = Finding.objects.filter(verified=True, active=True).select_related( "test__engagement__product") - writer = csv.writer(file_path.open("w", encoding="utf-8")) - - headers = [ - "product_name", - "id", - "title", - "cwe", - "date", - "url", - "severity", - ] - - # for field in opts.fields: - # headers.append(field.name) - - writer.writerow(headers) - for obj in findings: - row = [] - row.append(obj.test.engagement.product) - for field in headers: - if field != "product_name": - value = getattr(obj, field) - if isinstance(value, str): - value = value.encode("utf-8").strip() - - row.append(value) - writer.writerow(row) + with file_path.open("w", encoding="utf-8", newline="") as fout: + writer = csv.writer(fout) + + headers = [ + "product_name", + "id", + "title", + "cwe", + "date", + "url", + "severity", + ] + + # for field in opts.fields: + # headers.append(field.name) + + writer.writerow(headers) + for obj in findings: + row = [] + row.append(obj.test.engagement.product) + for field in headers: + if field != "product_name": + value = getattr(obj, field) + if isinstance(value, str): + value = value.encode("utf-8").strip() + + row.append(value) + writer.writerow(row) diff --git a/dojo/management/commands/import_surveys.py b/dojo/management/commands/import_surveys.py index 000557487cc..3dcbde0a583 100644 --- a/dojo/management/commands/import_surveys.py +++ b/dojo/management/commands/import_surveys.py @@ -24,7 +24,8 @@ def handle(self, *args, **options): ctype_id = row[0] # Find the current id in the surveys file path = Path(__file__).parent.parent.parent / "fixtures" / "initial_surveys.json" - contents = path.open(encoding="utf-8").readlines() + with path.open(encoding="utf-8") as fin: + contents = fin.readlines() for line in contents: if '"polymorphic_ctype": ' in line: matchedLine = line diff --git a/dojo/models.py b/dojo/models.py index b5a58140045..430de3d132e 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -2381,6 +2381,55 @@ def __str__(self): class Finding(BaseModel): + # Fields loaded when performing deduplication (used by get_finding_models_for_deduplication + # and build_candidate_scope_queryset to restrict the SELECT to only what is needed). + # Covers the union of all deduplication algorithms so that a single queryset works + # regardless of which algorithm is in use. Large text fields (description, mitigation, + # impact, references, …) are intentionally excluded. + DEDUPLICATION_FIELDS = [ + "id", + # FK required for select_related("test") — must not be deferred + "test", + # Fields written by set_duplicate + "duplicate", + "active", + "verified", + "duplicate_finding", + # Guard checks in set_duplicate + "is_mitigated", + "mitigated", + "out_of_scope", + "false_p", + # Accessed by status() (debug logging only) + "under_review", + "risk_accepted", + # Used by hash-code and legacy algorithms for endpoint/location matching + "dynamic_finding", + "static_finding", + # Algorithm-specific matching fields + "hash_code", # hash_code, uid_or_hash, legacy + "unique_id_from_tool", # unique_id, uid_or_hash + "title", # legacy + "cwe", # legacy + "file_path", # legacy + "line", # legacy + ] + + # Large text fields deferred in build_candidate_scope_queryset. These are + # never accessed during deduplication or reimport candidate matching, so + # excluding them reduces the data loaded for every candidate finding. + DEDUPLICATION_DEFERRED_FIELDS = [ + "description", + "mitigation", + "impact", + "steps_to_reproduce", + "severity_justification", + "references", + "url", + "cvssv3", + "cvssv4", + ] + title = models.CharField(max_length=511, verbose_name=_("Title"), help_text=_("A short description of the flaw.")) diff --git a/dojo/reports/widgets.py b/dojo/reports/widgets.py index e71a7168b70..aa88d9a4884 100644 --- a/dojo/reports/widgets.py +++ b/dojo/reports/widgets.py @@ -3,6 +3,7 @@ from collections import OrderedDict from django import forms +from django.conf import settings from django.forms import Widget from django.forms.utils import flatatt from django.http import QueryDict @@ -23,7 +24,6 @@ from dojo.location.status import FindingLocationStatus from dojo.models import Endpoint, Finding from dojo.reports.queries import prefetch_related_endpoints_for_report, prefetch_related_findings_for_report -from dojo.settings import settings from dojo.url.filters import URLFilter from dojo.utils import get_page_items, get_system_setting, get_words_for_field diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 4bf0fbc651e..6b5c95b371c 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1488,6 +1488,8 @@ def saml2_attrib_map_format(din): "Snyk Issue API Scan": ["vuln_id_from_tool", "file_path"], "OpenReports": ["vulnerability_ids", "component_name", "component_version", "severity"], "n0s1 Scanner": ["description"], + "IriusRisk Threats Scan": ["title", "component_name"], + "Orca Security Alerts": ["title", "component_name"], } # Override the hardcoded settings here via the env var @@ -1752,6 +1754,8 @@ def saml2_attrib_map_format(din): "OpenVAS Parser v2": DEDUPE_ALGO_HASH_CODE, "Snyk Issue API Scan": DEDUPE_ALGO_HASH_CODE, "OpenReports": DEDUPE_ALGO_HASH_CODE, + "IriusRisk Threats Scan": DEDUPE_ALGO_HASH_CODE, + "Orca Security Alerts": DEDUPE_ALGO_HASH_CODE, } # Override the hardcoded settings here via the env var diff --git a/dojo/templates/dojo/groups.html b/dojo/templates/dojo/groups.html index 28e794b66e2..94e69f1d710 100644 --- a/dojo/templates/dojo/groups.html +++ b/dojo/templates/dojo/groups.html @@ -83,7 +83,7 @@

- {{ g.name }} + {{ g.name }}{% if g.social_provider %}
{{ g.social_provider }}
{% endif %} {{ g.description }} {{ g.users.all|length }} {% if g.global_role.role %} {{ g.global_role.role }} {% endif %} diff --git a/dojo/templates/dojo/verify_finding.html b/dojo/templates/dojo/verify_finding.html new file mode 100644 index 00000000000..f07cca04143 --- /dev/null +++ b/dojo/templates/dojo/verify_finding.html @@ -0,0 +1,18 @@ +{% extends "base.html" %} +{% load i18n %} + +{% block content %} + {{ block.super }} +

{% trans "Verify Finding" %}

+

{{ finding.title }}

+

{% trans "Use this form to mark the finding as verified. Adding a comment is optional." %}

+
+ {% csrf_token %} + {% include "dojo/form_fields.html" with form=form %} +
+
+ +
+
+
+{% endblock %} diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html index 8ccbf55fb11..774c5438dd6 100755 --- a/dojo/templates/dojo/view_finding.html +++ b/dojo/templates/dojo/view_finding.html @@ -126,6 +126,13 @@

{% else %} + {% if not finding.verified %} +
  • + + Verify Finding + +
    • + {% endif %}
  • Close Finding @@ -1191,7 +1198,7 @@

    Credential
    - ProTip! Type e to edit any finding, p and n to navigate to the previous or next finding. + ProTip! Type e to edit any finding, p and n to navigate to the previous or next finding, v to verify, and c to close the finding.
    {% endblock %} @@ -1204,6 +1211,9 @@

    Credential var firstID = {% if findings_list.0 %}{{findings_list.0}}{% else %}null{% endif %}; var currentID = {% if finding.id %}{{finding.id}}{% else %}null{% endif %}; var lastID = {% if findings_list_lastElement %}{{findings_list_lastElement}}{% else %}null{% endif %}; + var canEditFinding = {% if finding|has_object_permission:"Finding_Edit" %}true{% else %}false{% endif %}; + var findingIsMitigated = {% if finding.mitigated %}true{% else %}false{% endif %}; + var findingIsVerified = {% if finding.verified %}true{% else %}false{% endif %}; if(currentID != firstID) { $('.PrevAndNext_Buttons').append('Previous Finding '); @@ -1283,6 +1293,34 @@

    Credential window.location.assign('{% url 'view_finding' next_finding_id %}'); }); + $(document).on('keypress', null, 'v', function () { + if (!canEditFinding) { + alert('You do not have permission to verify this finding.'); + return; + } + if (findingIsMitigated) { + alert('Finding is already closed and cannot be verified.'); + return; + } + if (findingIsVerified) { + alert('Finding has already been verified.'); + return; + } + window.location.assign('{% url 'verify_finding' finding.id %}'); + }); + + $(document).on('keypress', null, 'c', function () { + if (!canEditFinding) { + alert('You do not have permission to close this finding.'); + return; + } + if (findingIsMitigated) { + alert('Finding has already been closed.'); + return; + } + window.location.assign('{% url 'close_finding' finding.id %}'); + }); + $('a.delete-finding').on('click', function (e) { if (confirm('Are you sure you want to delete this finding?')) { $("form#delete-finding-form").submit(); diff --git a/dojo/templates/dojo/view_group.html b/dojo/templates/dojo/view_group.html index 7a03c173983..deff33defe7 100644 --- a/dojo/templates/dojo/view_group.html +++ b/dojo/templates/dojo/view_group.html @@ -3,7 +3,7 @@ {% load authorization_tags %} {% block content %} -

    Group: {{ group.name }}

    +

    Group: {{ group.name }}{% if group.social_provider %}
    {{ group.social_provider }}
    {% endif %}

    diff --git a/dojo/tools/api_sonarqube/api_client.py b/dojo/tools/api_sonarqube/api_client.py index 91a7673c812..e7d78fae1da 100644 --- a/dojo/tools/api_sonarqube/api_client.py +++ b/dojo/tools/api_sonarqube/api_client.py @@ -496,9 +496,14 @@ def test_connection(self): def test_product_connection(self, api_scan_configuration): organization = api_scan_configuration.service_key_2 or None - project = self.get_project( - api_scan_configuration.service_key_1, organization=organization, - ) + if api_scan_configuration.service_key_1: + project = self.get_project( + api_scan_configuration.service_key_1, organization=organization, + ) + else: + project = self.find_project( + api_scan_configuration.product.name, organization=organization, + ) project_name = project.get("name") message_prefix = "You have access to project" return ( diff --git a/dojo/tools/awssecurityhub/inspector.py b/dojo/tools/awssecurityhub/inspector.py index 8e78ec71f9a..022aca4238a 100644 --- a/dojo/tools/awssecurityhub/inspector.py +++ b/dojo/tools/awssecurityhub/inspector.py @@ -4,6 +4,7 @@ from dojo.models import Endpoint, Finding from dojo.tools.locations import LocationData +from dojo.utils import parse_cvss_data SEVERITY_MAP = { "INFORMATIONAL": "Info", @@ -31,6 +32,7 @@ def get_item(self, finding: dict, test): references = [] unsaved_vulnerability_ids = [] epss_score = finding.get("EpssScore") + cvss_data = {} description = f"This is an Inspector Finding\n{finding.get('Description', '')}" + "\n" description += f"**AWS Finding ARN:** {finding_id}\n" description += f"**AwsAccountId:** {finding.get('AwsAccountId', '')}\n" @@ -52,6 +54,10 @@ def get_item(self, finding: dict, test): references.append(vendor_url) if vulnerability.get("EpssScore") is not None: epss_score = vulnerability.get("EpssScore") + # Extract and validate CVSS vectors using the common parse_cvss_data helper + for cvss_entry in vulnerability.get("Cvss", []): + if not cvss_data and cvss_entry.get("BaseVector"): + cvss_data = parse_cvss_data(cvss_entry.get("BaseVector")) if finding.get("ProductFields", {}).get("aws/inspector/FindingStatus", "ACTIVE") == "ACTIVE": mitigated = None is_Mitigated = False @@ -120,6 +126,22 @@ def get_item(self, finding: dict, test): result.unsaved_endpoints = locations if epss_score is not None: result.epss_score = epss_score + if cvss_data: + if cvss_data.get("cvssv3"): + result.cvssv3 = cvss_data["cvssv3"] + if cvss_data.get("cvssv4"): + result.cvssv4 = cvss_data["cvssv4"] + # Build severity justification from available CVSS data + severity_parts = [] + if cvss_data.get("cvssv3"): + severity_parts.append(f"CVSS v3 vector: {cvss_data['cvssv3']}") + if cvss_data.get("cvssv4"): + severity_parts.append(f"CVSS v4 vector: {cvss_data['cvssv4']}") + severity_label = finding.get("Severity", {}).get("Label", "") + if severity_label: + severity_parts.append(f"AWS severity: {severity_label}") + if severity_parts: + result.severity_justification = "\n".join(severity_parts) # Add the unsaved vulnerability ids result.unsaved_vulnerability_ids = unsaved_vulnerability_ids return result diff --git a/dojo/tools/dependency_track/parser.py b/dojo/tools/dependency_track/parser.py index 657806c5c8c..3327559e2f8 100644 --- a/dojo/tools/dependency_track/parser.py +++ b/dojo/tools/dependency_track/parser.py @@ -1,17 +1,19 @@ import json import logging +from dateutil import parser from django.conf import settings from dojo.models import Finding from dojo.tools.locations import LocationData +from dojo.utils import parse_cvss_data logger = logging.getLogger(__name__) class DependencyTrackParser: - """ + r""" A class that can be used to parse the JSON Finding Packaging Format (FPF) export from OWASP Dependency Track. See here for more info on this JSON format: https://docs.dependencytrack.org/integrations/file-formats/ @@ -19,71 +21,95 @@ class DependencyTrackParser: A typical Finding Packaging Format (FPF) export looks like the following: { + "version": "1.3", + "meta" : { + "application": "Dependency-Track", + "version": "4.5.0", + "timestamp": "2022-02-18T23:31:42Z", + "baseUrl": "http://dtrack.example.org" + }, + "project" : { + "uuid": "ca4f2da9-0fad-4a13-92d7-f627f3168a56", + "name": "Acme Example", "version": "1.0", - "meta" : { - "application": "Dependency-Track", - "version": "3.4.0", - "timestamp": "2018-11-18T23:31:42Z", - "baseUrl": "http://dtrack.example.org" + "description": "A sample application" + }, + "findings" : [ + { + "component": { + "uuid": "b815b581-fec1-4374-a871-68862a8f8d52", + "name": "timespan", + "version": "2.3.0", + "purl": "pkg:npm/timespan@2.3.0", + "latestVersion": "3.2.0" + }, + "vulnerability": { + "uuid": "115b80bb-46c4-41d1-9f10-8a175d4abb46", + "source": "NPM", + "vulnId": "533", + "title": "Regular Expression Denial of Service", + "subtitle": "timespan", + "severity": "LOW", + "severityRank": 3, + "cvssV2Vector": "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvssV4Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", + "references": "* [https://example.com](https://example.com)\n* [https://example.org](https://example.org)", + "published": "2025-07-11 03:16:03.563", + "cweId": 400, + "cweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')", + "cwes": [ + { + "cweId": 400, + "name": "Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ], + "description": "Affected versions of `timespan`...", + "recommendation": "No direct patch is available..." }, - "project" : { - "uuid": "ca4f2da9-0fad-4a13-92d7-f627f3168a56", - "name": "Acme Example", - "version": "1.0", - "description": "A sample application" + "analysis": { + "state": "NOT_SET", + "isSuppressed": false }, - "findings" : [ + "matrix": "ca4f2da9-0fad-4a13-92d7-f627f3168a56:b815b581-fec1-4374-a871-68862a8f8d52:115b80bb-46c4-41d1-9f10-8a175d4abb46" + }, + { + "component": { + "uuid": "979f87f5-eaf5-4095-9d38-cde17bf9228e", + "name": "uglify-js", + "version": "2.4.24", + "purl": "pkg:npm/uglify-js@2.4.24" + }, + "vulnerability": { + "uuid": "701a3953-666b-4b7a-96ca-e1e6a3e1def3", + "source": "NPM", + "vulnId": "48", + "aliases": [ { - "component": { - "uuid": "b815b581-fec1-4374-a871-68862a8f8d52", - "name": "timespan", - "version": "2.3.0", - "purl": "pkg:npm/timespan@2.3.0" - }, - "vulnerability": { - "uuid": "115b80bb-46c4-41d1-9f10-8a175d4abb46", - "source": "NPM", - "vulnId": "533", - "title": "Regular Expression Denial of Service", - "subtitle": "timespan", - "severity": "LOW", - "severityRank": 3, - "cweId": 400, - "cweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')", - "description": "Affected versions of `timespan`...", - "recommendation": "No direct patch is available..." - }, - "analysis": { - "state": "NOT_SET", - "isSuppressed": false - }, - "matrix": "ca4f2da9-0fad-4a13-92d7-f627f3168a56:b815b581-fec1-4374-a871-68862a8f8d52:115b80bb-46c4-41d1-9f10-8a175d4abb46" - }, + "cveId": "CVE-2022-2053", + "ghsaId": "GHSA-95rf-557x-44g5" + } + ], + "title": "Regular Expression Denial of Service", + "subtitle": "uglify-js", + "severity": "LOW", + "severityRank": 3, + "cweId": 400, + "cweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')", + "cwes": [ { - "component": { - "uuid": "979f87f5-eaf5-4095-9d38-cde17bf9228e", - "name": "uglify-js", - "version": "2.4.24", - "purl": "pkg:npm/uglify-js@2.4.24" - }, - "vulnerability": { - "uuid": "701a3953-666b-4b7a-96ca-e1e6a3e1def3", - "source": "NPM", - "vulnId": "48", - "title": "Regular Expression Denial of Service", - "subtitle": "uglify-js", - "severity": "LOW", - "severityRank": 3, - "cweId": 400, - "cweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')", - "description": "Versions of `uglify-js` prior to...", - "recommendation": "Update to version 2.6.0 or later." - }, - "analysis": { - "isSuppressed": false - }, - "matrix": "ca4f2da9-0fad-4a13-92d7-f627f3168a56:979f87f5-eaf5-4095-9d38-cde17bf9228e:701a3953-666b-4b7a-96ca-e1e6a3e1def3" - }] + "cweId": 400, + "name": "Uncontrolled Resource Consumption ('Resource Exhaustion')" + } + ], + "description": "Versions of `uglify-js` prior to...", + "recommendation": "Update to version 2.6.0 or later." + }, + "analysis": { + "isSuppressed": false + }, + "matrix": "ca4f2da9-0fad-4a13-92d7-f627f3168a56:979f87f5-eaf5-4095-9d38-cde17bf9228e:701a3953-666b-4b7a-96ca-e1e6a3e1def3" + }] } """ @@ -216,6 +242,23 @@ def _convert_dependency_track_finding_to_dojo_finding(self, dependency_track_fin # Get the cvss score of the vulnerabililty cvss_score = dependency_track_finding["vulnerability"].get("cvssV3BaseScore") + cvssv3 = None + if "cvssV3Vector" in dependency_track_finding["vulnerability"]: + cvss_vector = dependency_track_finding["vulnerability"]["cvssV3Vector"] + cvss_data = parse_cvss_data(cvss_vector) + if cvss_data: + cvssv3 = cvss_data.get("cvssv3") + cvss_score = cvss_data.get("cvssv3_score") + + cvssv4 = None + cvssv4_score = None + if "cvssV4Vector" in dependency_track_finding["vulnerability"]: + cvss_vector = dependency_track_finding["vulnerability"]["cvssV4Vector"] + cvss_data = parse_cvss_data(cvss_vector) + if cvss_data: + cvssv4 = cvss_data.get("cvssv4") + cvssv4_score = cvss_data.get("cvssv4_score") + # Use the analysis state from Dependency Track to determine if the finding has already been marked as a false positive upstream analysis = dependency_track_finding.get("analysis") is_false_positive = bool(analysis is not None and analysis.get("state") == "FALSE_POSITIVE") @@ -225,6 +268,13 @@ def _convert_dependency_track_finding_to_dojo_finding(self, dependency_track_fin epss_score = dependency_track_finding["vulnerability"].get("epssScore", None) + references = dependency_track_finding["vulnerability"].get("references") + if references: + if isinstance(references, list): + references = "\n".join(references) + + published = dependency_track_finding["vulnerability"].get("published") + # Build and return Finding model finding = Finding( title=title, @@ -238,6 +288,7 @@ def _convert_dependency_track_finding_to_dojo_finding(self, dependency_track_fin file_path=file_path, unique_id_from_tool=unique_id_from_tool, vuln_id_from_tool=vuln_id_from_tool, + references=references, static_finding=True, dynamic_finding=False) @@ -250,6 +301,16 @@ def _convert_dependency_track_finding_to_dojo_finding(self, dependency_track_fin if cvss_score: finding.cvssv3_score = cvss_score + if cvssv3: + finding.cvssv3 = cvssv3 + + if cvssv4_score: + finding.cvssv4_score = cvssv4_score + if cvssv4: + finding.cvssv4 = cvssv4 + + if published: + finding.publish_date = parser.parse(published).date() if epss_score: finding.epss_score = epss_score diff --git a/dojo/tools/iriusrisk/__init__.py b/dojo/tools/iriusrisk/__init__.py new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/dojo/tools/iriusrisk/__init__.py @@ -0,0 +1 @@ + diff --git a/dojo/tools/iriusrisk/parser.py b/dojo/tools/iriusrisk/parser.py new file mode 100644 index 00000000000..fb68b27b00d --- /dev/null +++ b/dojo/tools/iriusrisk/parser.py @@ -0,0 +1,99 @@ +import csv +import io +import re + +from dojo.models import Finding + +SEVERITY_MAPPING = { + "Very low": "Info", + "Low": "Low", + "Medium": "Medium", + "High": "High", + "Critical": "Critical", +} + + +class IriusriskParser: + + def get_scan_types(self): + return ["IriusRisk Threats Scan"] + + def get_label_for_scan_types(self, scan_type): + return scan_type + + def get_description_for_scan_types(self, scan_type): + return "Import IriusRisk threat model CSV exports." + + def get_findings(self, filename, test): + content = filename.read() + if isinstance(content, bytes): + content = content.decode("utf-8") + reader = csv.DictReader(io.StringIO(content), delimiter=",", quotechar='"') + findings = [] + for row in reader: + component = (row.get("Component") or "").strip() + use_case = (row.get("Use case") or "").strip() + source = (row.get("Source") or "").strip() + threat = (row.get("Threat") or "").strip() + risk_response = (row.get("Risk Response") or "").strip() + inherent_risk = (row.get("Inherent Risk") or "").strip() + current_risk = (row.get("Current Risk") or "").strip() + countermeasure_progress = (row.get("Countermeasure progress") or "").strip() + weakness_tests = (row.get("Weakness tests") or "").strip() + countermeasure_tests = (row.get("Countermeasure tests") or "").strip() + projected_risk = (row.get("Projected Risk") or "").strip() + owner = (row.get("Owner") or "").strip() + mitre_reference = (row.get("MITRE reference") or "").strip() + stride_lm = (row.get("STRIDE-LM") or "").strip() + + # Title: truncate to 500 chars with ellipsis if needed + title = threat[:497] + "..." if len(threat) > 500 else threat + + severity = SEVERITY_MAPPING.get(current_risk, "Info") + + # Build description with all available fields + description_parts = [ + f"**Threat:** {threat}", + f"**Component:** {component}", + f"**Use Case:** {use_case}", + f"**Source:** {source}", + f"**Inherent Risk:** {inherent_risk}", + f"**Current Risk:** {current_risk}", + f"**Projected Risk:** {projected_risk}", + f"**Countermeasure Progress:** {countermeasure_progress}", + f"**Weakness Tests:** {weakness_tests}", + f"**Countermeasure Tests:** {countermeasure_tests}", + ] + if owner: + description_parts.append(f"**Owner:** {owner}") + if stride_lm: + description_parts.append(f"**STRIDE-LM:** {stride_lm}") + description = "\n".join(description_parts) + + # Extract CWE from MITRE reference if present + cwe = None + references = "" + if mitre_reference: + cwe_match = re.match(r"CWE-(\d+)", mitre_reference) + if cwe_match: + cwe = int(cwe_match.group(1)) + else: + references = mitre_reference + + finding = Finding( + test=test, + title=title, + severity=severity, + description=description, + mitigation=risk_response, + component_name=component, + active=current_risk != "Very low", + static_finding=False, + dynamic_finding=False, + ) + if cwe: + finding.cwe = cwe + if references: + finding.references = references + findings.append(finding) + return findings diff --git a/dojo/tools/orca_security/__init__.py b/dojo/tools/orca_security/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/tools/orca_security/csv_parser.py b/dojo/tools/orca_security/csv_parser.py new file mode 100644 index 00000000000..6ca3c5790e2 --- /dev/null +++ b/dojo/tools/orca_security/csv_parser.py @@ -0,0 +1,102 @@ +""" +CSV parser for Orca Security alert exports. + +This module handles parsing of Orca Security alerts exported in CSV format. +The CSV export contains one row per alert with columns for all alert metadata. + +Expected CSV columns: + OrcaScore, Title, Category, Inventory, Inventory.Name, CloudAccount, + CloudAccount.Name, Source, Status, CreatedAt, LastSeen, Labels + +Note: The Labels column contains a JSON-encoded array of strings within the CSV. +""" +import csv +import io +import json + +from dojo.models import Finding +from dojo.tools.orca_security.helpers import ( + build_description, + build_severity_justification, + map_orca_severity, + parse_date, + truncate_title, +) + + +class OrcaSecurityCSVParser: + + """Parse Orca Security CSV alert exports.""" + + def parse(self, content): + """ + Parse CSV content and return a list of Finding objects. + + Args: + content: String containing the CSV file content + + Returns: + list[Finding]: List of DefectDojo Finding objects + + """ + reader = csv.DictReader(io.StringIO(content), delimiter=",", quotechar='"') + findings = [] + + for row in reader: + # Extract all fields from the CSV row + title_raw = (row.get("Title") or "").strip() + category = (row.get("Category") or "").strip() + source = (row.get("Source") or "").strip() + inventory_name = (row.get("Inventory.Name") or "").strip() + cloud_account_name = (row.get("CloudAccount.Name") or "").strip() + orca_score_raw = (row.get("OrcaScore") or "").strip() + status = (row.get("Status") or "").strip() + created_at = (row.get("CreatedAt") or "").strip() + last_seen = (row.get("LastSeen") or "").strip() + labels_raw = (row.get("Labels") or "").strip() + + # Parse labels from JSON string embedded in CSV + # Orca exports labels as a JSON array within the CSV cell + labels = [] + if labels_raw: + try: + labels = json.loads(labels_raw) + except (json.JSONDecodeError, TypeError): + # If JSON parsing fails, treat the raw string as a single label + labels = [labels_raw] + + # Transform fields for DefectDojo + title = truncate_title(title_raw) + severity = map_orca_severity(orca_score_raw) + + # Build structured description with all alert metadata + description = build_description( + title_raw, category, source, inventory_name, cloud_account_name, + orca_score_raw, status, created_at, last_seen, labels, + ) + + # Create the Finding object with all mapped fields + finding = Finding( + title=title, + severity=severity, + description=description, + # Preserve original OrcaScore in severity_justification + severity_justification=build_severity_justification(orca_score_raw), + static_finding=True, # CSPM scan data is static analysis + dynamic_finding=False, + service=source or None, # Source identifies the cloud resource/service + component_name=inventory_name or None, # Inventory is the specific resource + date=parse_date(created_at), + ) + + # Set active status based on Orca's status field + # "open" alerts are active, all other statuses (closed, resolved, etc.) are inactive + finding.active = status.lower() == "open" if status else True + + # Store labels as tags for searchability in DefectDojo + if labels: + finding.unsaved_tags = labels + + findings.append(finding) + + return findings diff --git a/dojo/tools/orca_security/helpers.py b/dojo/tools/orca_security/helpers.py new file mode 100644 index 00000000000..f3f2b4dc2a7 --- /dev/null +++ b/dojo/tools/orca_security/helpers.py @@ -0,0 +1,164 @@ +""" +Shared helper functions for the Orca Security parser. + +This module contains utility functions used by both the CSV and JSON parsers +to ensure consistent behavior across input formats. +""" +from dateutil import parser as dateutil_parser + + +def map_orca_severity(score): + """ + Map OrcaScore (float 0-10) to DefectDojo severity string. + + Orca Security uses a numeric score from 0-10 to indicate severity. + This function converts that to DefectDojo's categorical severity levels. + + Mapping thresholds: + - 0 or invalid -> Info + - 0.1 - 3.9 -> Low + - 4.0 - 6.9 -> Medium + - 7.0 - 8.9 -> High + - 9.0 - 10.0 -> Critical + + Args: + score: The OrcaScore value (can be float, int, string, or None) + + Returns: + str: DefectDojo severity level ("Info", "Low", "Medium", "High", "Critical") + + """ + try: + score = float(score) + except (TypeError, ValueError): + return "Info" + if score <= 0: + return "Info" + if score < 4.0: + return "Low" + if score < 7.0: + return "Medium" + if score < 9.0: + return "High" + return "Critical" + + +def build_severity_justification(orca_score): + """ + Build severity justification string from OrcaScore. + + Preserves the original numeric score in the severity_justification field + so users can see the exact Orca score that determined the severity level. + + Args: + orca_score: The OrcaScore value (can be float, int, string, or None) + + Returns: + str or None: "OrcaScore: X.X" if valid score, None otherwise + + """ + if orca_score is None: + return None + try: + score = float(orca_score) + except (TypeError, ValueError): + return None + else: + return f"OrcaScore: {score}" + + +def parse_date(date_string): + """ + Parse ISO 8601 date string into a Python date object. + + Orca Security exports dates in ISO 8601 format (e.g., "2025-01-15T10:30:00+00:00"). + This function extracts just the date portion for the finding's date field. + + Args: + date_string: ISO 8601 formatted date string, or None/empty string + + Returns: + date or None: Python date object if parsing succeeds, None otherwise + + """ + if not date_string: + return None + try: + return dateutil_parser.parse(date_string).date() + except (ValueError, TypeError): + return None + + +def truncate_title(title, max_length=500): + """ + Truncate title to maximum length with ellipsis suffix. + + DefectDojo has a limit on title length. This function ensures titles + fit within that limit while indicating truncation occurred. + + Args: + title: The original title string, or None/empty string + max_length: Maximum allowed length (default 500 characters) + + Returns: + str: Original title if within limit, truncated with "..." if over, + or "Orca Security Alert" if title is empty/None + + """ + if not title: + return "Orca Security Alert" + if len(title) <= max_length: + return title + return title[: max_length - 3] + "..." + + +def build_description(title, category, source, inventory_name, cloud_account_name, + orca_score, status, created_at, last_seen, labels): + """ + Build a structured markdown description from alert fields. + + Creates a formatted description containing all relevant alert metadata. + Each field is displayed as a bold label followed by its value. + Empty/None fields are omitted from the output. + + Args: + title: Alert title + category: Alert category (e.g., "IAM misconfigurations") + source: Source resource identifier + inventory_name: Name of the affected inventory/resource + cloud_account_name: Name of the cloud account + orca_score: Numeric OrcaScore (0-10) + status: Alert status (e.g., "open", "closed") + created_at: ISO 8601 creation timestamp + last_seen: ISO 8601 last seen timestamp + labels: List of label strings or single label string + + Returns: + str: Markdown-formatted description with all non-empty fields + + """ + parts = [] + if title: + parts.append(f"**Title:** {title}") + if category: + parts.append(f"**Category:** {category}") + if source: + parts.append(f"**Source:** {source}") + if inventory_name: + parts.append(f"**Inventory:** {inventory_name}") + if cloud_account_name: + parts.append(f"**Cloud Account:** {cloud_account_name}") + if orca_score is not None: + parts.append(f"**Orca Score:** {orca_score}") + if status: + parts.append(f"**Status:** {status}") + if created_at: + parts.append(f"**Created:** {created_at}") + if last_seen: + parts.append(f"**Last Seen:** {last_seen}") + if labels: + # Convert list to comma-separated string + labels_str = ", ".join(str(lbl) for lbl in labels) if isinstance(labels, list) else str(labels) + if labels_str: + parts.append(f"**Labels:** {labels_str}") + return "\n\n".join(parts) if parts else "No details available." diff --git a/dojo/tools/orca_security/json_parser.py b/dojo/tools/orca_security/json_parser.py new file mode 100644 index 00000000000..36b95362e9e --- /dev/null +++ b/dojo/tools/orca_security/json_parser.py @@ -0,0 +1,107 @@ +""" +JSON parser for Orca Security alert exports. + +This module handles parsing of Orca Security alerts exported in JSON format. +The JSON export is an array of alert objects with nested structures for +CloudAccount and Inventory fields. + +Expected JSON structure: + [ + { + "Title": "...", + "OrcaScore": 5.1, + "Category": "...", + "Source": "...", + "Status": "open", + "CreatedAt": "2025-01-15T10:30:00+00:00", + "LastSeen": "2025-02-01T12:00:00+00:00", + "Labels": ["label1", "label2"], + "CloudAccount": {"Name": "..."}, + "Inventory": {"Name": "..."} + }, + ... + ] +""" +import json + +from dojo.models import Finding +from dojo.tools.orca_security.helpers import ( + build_description, + build_severity_justification, + map_orca_severity, + parse_date, + truncate_title, +) + + +class OrcaSecurityJSONParser: + + """Parse Orca Security JSON alert exports.""" + + def parse(self, content): + """ + Parse JSON content and return a list of Finding objects. + + Args: + content: String containing the JSON file content (array of alerts) + + Returns: + list[Finding]: List of DefectDojo Finding objects + + """ + data = json.loads(content) + findings = [] + + for item in data: + # Extract top-level fields + title_raw = (item.get("Title") or "").strip() + category = (item.get("Category") or "").strip() + source = (item.get("Source") or "").strip() + status = (item.get("Status") or "").strip() + created_at = (item.get("CreatedAt") or "").strip() + last_seen = (item.get("LastSeen") or "").strip() + orca_score = item.get("OrcaScore") # Keep as numeric, not string + labels = item.get("Labels") or [] # Already a list in JSON + + # Extract nested fields from CloudAccount and Inventory objects + cloud_account = item.get("CloudAccount") or {} + cloud_account_name = (cloud_account.get("Name") or "").strip() + + inventory = item.get("Inventory") or {} + inventory_name = (inventory.get("Name") or "").strip() + + # Transform fields for DefectDojo + title = truncate_title(title_raw) + severity = map_orca_severity(orca_score) + + # Build structured description with all alert metadata + description = build_description( + title_raw, category, source, inventory_name, cloud_account_name, + orca_score, status, created_at, last_seen, labels, + ) + + # Create the Finding object with all mapped fields + finding = Finding( + title=title, + severity=severity, + description=description, + # Preserve original OrcaScore in severity_justification + severity_justification=build_severity_justification(orca_score), + static_finding=True, # CSPM scan data is static analysis + dynamic_finding=False, + service=source or None, # Source identifies the cloud resource/service + component_name=inventory_name or None, # Inventory is the specific resource + date=parse_date(created_at), + ) + + # Set active status based on Orca's status field + # "open" alerts are active, all other statuses (closed, resolved, etc.) are inactive + finding.active = status.lower() == "open" if status else True + + # Store labels as tags for searchability in DefectDojo + if labels: + finding.unsaved_tags = labels + + findings.append(finding) + + return findings diff --git a/dojo/tools/orca_security/parser.py b/dojo/tools/orca_security/parser.py new file mode 100644 index 00000000000..94d3beca11b --- /dev/null +++ b/dojo/tools/orca_security/parser.py @@ -0,0 +1,47 @@ +from dojo.tools.orca_security.csv_parser import OrcaSecurityCSVParser +from dojo.tools.orca_security.json_parser import OrcaSecurityJSONParser + + +class OrcaSecurityParser: + + """Parser for Orca Security alert exports (CSV and JSON).""" + + ID = "Orca Security Alerts" + + def get_scan_types(self): + """Return the scan type identifier for this parser.""" + return [self.ID] + + def get_label_for_scan_types(self, scan_type): + """Return the human-readable label for this scan type.""" + return scan_type + + def get_description_for_scan_types(self, scan_type): + """Return the description shown in the DefectDojo UI.""" + return "Import Orca Security alerts (CSV or JSON export)." + + def get_findings(self, filename, test): + """ + Parse an Orca Security export file and return findings. + + This method auto-detects the file format (CSV vs JSON) by examining + the file content. JSON files start with '[' (array), while CSV files + start with the header row. + + Args: + filename: File-like object containing the Orca Security export + test: DefectDojo Test object to associate findings with + + Returns: + list[Finding]: List of DefectDojo Finding objects + + """ + content = filename.read() + if isinstance(content, bytes): + content = content.decode("utf-8", errors="replace") + content_strip = content.strip() + + # Auto-detect format: JSON arrays start with '[', CSV starts with headers + if content_strip.startswith("["): + return OrcaSecurityJSONParser().parse(content_strip) + return OrcaSecurityCSVParser().parse(content_strip) diff --git a/dojo/tools/qualys/parser.py b/dojo/tools/qualys/parser.py index d1c5f7c1dd4..2030ae7b124 100644 --- a/dojo/tools/qualys/parser.py +++ b/dojo/tools/qualys/parser.py @@ -354,12 +354,14 @@ def parse_finding(host, tree): finding.cvssv3_score = temp.get("CVSS_value") finding.verified = True # manage endpoint/location + host = issue_row["fqdn"] or issue_row["ip_address"] + port = temp.get("port_status") if settings.V3_FEATURE_LOCATIONS: - location = LocationData.url(host=issue_row["fqdn"]) if issue_row["fqdn"] else LocationData.url(host=issue_row["ip_address"]) + location = LocationData.url(host=host, port=int(port) if port else None) finding.unsaved_locations = [location] else: # TODO: Delete this after the move to Locations - location = Endpoint(host=issue_row["fqdn"]) if issue_row["fqdn"] else Endpoint(host=issue_row["ip_address"]) + location = Endpoint(host=host, port=int(port) if port else None) finding.unsaved_endpoints = [location] finding.unsaved_vulnerability_ids = temp.get("cve_list", []) ret_rows.append(finding) diff --git a/dojo/url/ui/views.py b/dojo/url/ui/views.py index 66c164f8b6e..2fe72fc94a8 100644 --- a/dojo/url/ui/views.py +++ b/dojo/url/ui/views.py @@ -8,7 +8,7 @@ from django.core.exceptions import PermissionDenied, ValidationError from django.core.management import call_command from django.db import DEFAULT_DB_ALIAS -from django.http import HttpRequest, HttpResponseRedirect +from django.http import Http404, HttpRequest, HttpResponseRedirect from django.shortcuts import get_object_or_404, render from django.urls import reverse from django.utils import timezone @@ -100,6 +100,14 @@ def process_endpoint_view(request: HttpRequest, location_id: int, *, host_view=F """ location = get_object_or_404(Location, id=location_id) + if location.location_type != URL.get_location_type(): + messages.add_message( + request, + messages.ERROR, + "Viewing this object is only available in the Pro UI.", + extra_tags="alert-danger", + ) + raise Http404 host = location.url.host locations = None metadata = None diff --git a/dojo/utils.py b/dojo/utils.py index a5d8a13ed81..0a7e4f58dbc 100644 --- a/dojo/utils.py +++ b/dojo/utils.py @@ -95,154 +95,6 @@ def get_visible_scan_types(): return Test_Type.objects.filter(active=True) -def do_false_positive_history(finding, *args, **kwargs): - """ - Replicate false positives across product. - - Mark finding as false positive if the same finding was previously marked - as false positive in the same product, beyond that, retroactively mark - all equal findings in the product as false positive (if they weren't already). - The retroactively replication will be also trigerred if the finding passed as - an argument already is a false positive. With this feature we can assure that - on each call of this method all findings in the product complies to the rule - (if one finding is a false positive, all equal findings in the same product also are). - - Args: - finding (:model:`dojo.Finding`): Finding to be replicated - - """ - to_mark_as_fp = set() - - existing_findings = match_finding_to_existing_findings(finding, product=finding.test.engagement.product) - deduplicationLogger.debug( - "FALSE_POSITIVE_HISTORY: Found %i existing findings in the same product", - len(existing_findings), - ) - - existing_fp_findings = existing_findings.filter(false_p=True) - deduplicationLogger.debug( - ( - "FALSE_POSITIVE_HISTORY: Found %i existing findings in the same product " - "that were previously marked as false positive" - ), - len(existing_fp_findings), - ) - - if existing_fp_findings: - finding.false_p = True - to_mark_as_fp.add(finding) - - system_settings = System_Settings.objects.get() - if system_settings.retroactive_false_positive_history: - # Retroactively mark all active existing findings as false positive if this one - # is being (or already was) marked as a false positive - if finding.false_p: - existing_non_fp_findings = existing_findings.filter(active=True).exclude(false_p=True) - to_mark_as_fp.update(set(existing_non_fp_findings)) - - for find in to_mark_as_fp: - deduplicationLogger.debug( - "FALSE_POSITIVE_HISTORY: Marking Finding %i:%s from %s as false positive", - find.id, find.title, find.test.engagement, - ) - try: - find.false_p = True - find.active = False - find.verified = False - super(Finding, find).save(skip_validation=True, *args, **kwargs) - except Exception as e: - deduplicationLogger.debug(str(e)) - - -def match_finding_to_existing_findings(finding, product=None, engagement=None, test=None): - """ - Customizable lookup that returns all existing findings for a given finding. - - Takes one finding as an argument and returns all findings that are equal to it - on the same product, engagement or test. For now, only one custom filter can - be used, so you should choose between product, engagement or test. - The lookup is done based on the deduplication_algorithm of the given finding test. - - Args: - finding (:model:`dojo.Finding`): Finding to be matched - product (:model:`dojo.Product`, optional): Product to filter findings by - engagement (:model:`dojo.Engagement`, optional): Engagement to filter findings by - test (:model:`dojo.Test`, optional): Test to filter findings by - - """ - if product: - custom_filter_type = "product" - custom_filter = {"test__engagement__product": product} - - elif engagement: - custom_filter_type = "engagement" - custom_filter = {"test__engagement": engagement} - - elif test: - custom_filter_type = "test" - custom_filter = {"test": test} - - else: - msg = "No product, engagement or test provided as argument." - raise ValueError(msg) - - deduplication_algorithm = finding.test.deduplication_algorithm - - deduplicationLogger.debug( - "Matching finding %i:%s to existing findings in %s %s using %s as deduplication algorithm.", - finding.id, finding.title, custom_filter_type, list(custom_filter.values())[0], deduplication_algorithm, - ) - - if deduplication_algorithm == "hash_code": - return ( - Finding.objects.filter( - **custom_filter, - hash_code=finding.hash_code, - ).exclude(hash_code=None) - .exclude(id=finding.id) - .order_by("id") - ) - - if deduplication_algorithm == "unique_id_from_tool": - return ( - Finding.objects.filter( - **custom_filter, - unique_id_from_tool=finding.unique_id_from_tool, - ).exclude(unique_id_from_tool=None) - .exclude(id=finding.id) - .order_by("id") - ) - - if deduplication_algorithm == "unique_id_from_tool_or_hash_code": - query = Finding.objects.filter( - Q(**custom_filter), - ( - (Q(hash_code__isnull=False) & Q(hash_code=finding.hash_code)) - | (Q(unique_id_from_tool__isnull=False) & Q(unique_id_from_tool=finding.unique_id_from_tool)) - ), - ).exclude(id=finding.id).order_by("id") - deduplicationLogger.debug(query.query) - return query - - if deduplication_algorithm == "legacy": - # This is the legacy reimport behavior. Although it's pretty flawed and - # doesn't match the legacy algorithm for deduplication, this is left as is for simplicity. - # Re-writing the legacy deduplication here would be complicated and counter-productive. - # If you have use cases going through this section, you're advised to create a deduplication configuration for your parser - logger.debug("Legacy dedupe. In case of issue, you're advised to create a deduplication configuration in order not to go through this section") - return ( - Finding.objects.filter( - **custom_filter, - title__iexact=finding.title, - severity=finding.severity, - numerical_severity=Finding.get_numerical_severity(finding.severity), - ).order_by("id") - ) - - logger.error("Internal error: unexpected deduplication_algorithm: '%s' ", deduplication_algorithm) - return None - - def count_findings(findings: QuerySet) -> tuple[dict["Product", list[int]], dict[str, int]]: agg = ( findings.values(prod_id=F("test__engagement__product_id")) diff --git a/helm/defectdojo/Chart.lock b/helm/defectdojo/Chart.lock index d069fbe7fdd..db730ca2249 100644 --- a/helm/defectdojo/Chart.lock +++ b/helm/defectdojo/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 16.7.27 - name: valkey repository: oci://registry-1.docker.io/cloudpirates - version: 0.17.0 -digest: sha256:2355e860576e477a5ae2678d68eb9e96533ae267e697a5bc9309862343be3867 -generated: "2026-02-17T17:53:07.065483949Z" + version: 0.18.0 +digest: sha256:0c3c6c5c8eee31ac3d9adeb5def442cb014fd97f18c147d01220f9c54d0b00b6 +generated: "2026-03-13T11:58:21.506508399Z" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index ce387be4e33..062a42d2361 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.56.2" +appVersion: "2.57.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.9.18 +version: 1.9.19-dev icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png maintainers: - name: madchap @@ -14,7 +14,7 @@ dependencies: repository: "oci://us-docker.pkg.dev/os-public-container-registry/defectdojo" condition: postgresql.enabled - name: valkey - version: 0.17.0 + version: 0.18.0 repository: "oci://registry-1.docker.io/cloudpirates" condition: valkey.enabled # For correct syntax, check https://artifacthub.io/docs/topics/annotations/helm/ @@ -33,5 +33,5 @@ dependencies: # - kind: security # description: Critical bug annotations: - artifacthub.io/prerelease: "false" - artifacthub.io/changes: "- kind: changed\n description: Bump DefectDojo to 2.56.2\n" + artifacthub.io/prerelease: "true" + artifacthub.io/changes: "- kind: changed\n description: chore(deps)_ update valkey _ tag from 0.17.0 to v0.17.1 (_/defect_/chart.yaml)\n- kind: changed\n description: chore(deps)_ update valkey _ tag from 0.17.1 to v0.18.0 (_/defect_/chart.yaml)\n" diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index ea50ccd89e7..63e9aaf8ad8 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -511,7 +511,7 @@ The HELM schema will be generated for you. # General information about chart values -![Version: 1.9.18](https://img.shields.io/badge/Version-1.9.18-informational?style=flat-square) ![AppVersion: 2.56.2](https://img.shields.io/badge/AppVersion-2.56.2-informational?style=flat-square) +![Version: 1.9.19-dev](https://img.shields.io/badge/Version-1.9.19--dev-informational?style=flat-square) ![AppVersion: 2.57.0-dev](https://img.shields.io/badge/AppVersion-2.57.0--dev-informational?style=flat-square) A Helm chart for Kubernetes to install DefectDojo @@ -525,7 +525,7 @@ A Helm chart for Kubernetes to install DefectDojo | Repository | Name | Version | |------------|------|---------| -| oci://registry-1.docker.io/cloudpirates | valkey | 0.17.0 | +| oci://registry-1.docker.io/cloudpirates | valkey | 0.18.0 | | oci://us-docker.pkg.dev/os-public-container-registry/defectdojo | postgresql | 16.7.27 | ## Values diff --git a/requirements-lint.txt b/requirements-lint.txt index 9ecd6aac7b9..2964b1b4e59 100644 --- a/requirements-lint.txt +++ b/requirements-lint.txt @@ -1 +1 @@ -ruff==0.15.2 +ruff==0.15.6 diff --git a/requirements.txt b/requirements.txt index a752310c04f..e3d1fe46dea 100644 --- a/requirements.txt +++ b/requirements.txt @@ -12,8 +12,8 @@ django-environ==0.13.0 django-filter==25.2 django-imagekit==6.1.0 django-multiselectfield==1.0.1 -django-polymorphic==4.11.1 -django-crispy-forms==2.5 +django-polymorphic==4.11.2 +django-crispy-forms==2.6 django_extensions==4.1 django-slack==5.19.0 django-watson==1.6.3 @@ -33,9 +33,9 @@ Pillow==12.1.1 # required by django-imagekit psycopg[c]==3.3.3 cryptography==46.0.5 python-dateutil==2.9.0.post0 -redis==7.2.0 +redis==7.3.0 requests==2.32.5 -sqlalchemy==2.0.47 # Required by Celery broker transport +sqlalchemy==2.0.48 # Required by Celery broker transport urllib3==2.6.3 uWSGI==2.0.31 vobject==0.9.9 @@ -44,7 +44,7 @@ titlecase==2.4.1 social-auth-app-django==5.6.0 social-auth-core==4.8.5 gitpython==3.1.46 -python-gitlab==8.0.0 +python-gitlab==8.1.0 cpe==1.3.1 packageurl-python==0.17.6 django-crum==0.7.9 @@ -59,14 +59,14 @@ django-fieldsignals==0.8.0 hyperlink==21.0.0 djangosaml2==1.12.0 drf-spectacular==0.29.0 -drf-spectacular-sidecar==2026.1.1 +drf-spectacular-sidecar==2026.3.1 django-ratelimit==4.1.0 argon2-cffi==25.1.0 blackduck==1.1.3 netaddr==1.3.0 -vulners==3.1.6 +vulners==3.1.7 fontawesomefree==6.6.0 PyYAML==6.0.3 pyopenssl==25.3.0 parameterized==0.9.0 -setuptools==82.0.0 +setuptools==82.0.1 diff --git a/unittests/scans/dependency_track/one_finding.json b/unittests/scans/dependency_track/one_finding.json index 8ed4925a664..1bd90e044f6 100644 --- a/unittests/scans/dependency_track/one_finding.json +++ b/unittests/scans/dependency_track/one_finding.json @@ -31,7 +31,11 @@ "cweId": 400, "cweName": "Uncontrolled Resource Consumption ('Resource Exhaustion')", "description": "Affected versions of `timespan`...", - "recommendation": "No direct patch is available..." + "recommendation": "No direct patch is available...", + "cvssV3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "cvssV4Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", + "references": "* [https://example.com](https://example.com)\n* [https://example.org](https://example.org)", + "published": "2025-07-11 03:16:03.563" }, "analysis": { "state": "NOT_SET", diff --git a/unittests/scans/iriusrisk/many_vulns.csv b/unittests/scans/iriusrisk/many_vulns.csv new file mode 100644 index 00000000000..47166dfa2da --- /dev/null +++ b/unittests/scans/iriusrisk/many_vulns.csv @@ -0,0 +1,8 @@ +"Component","Use case","Source","Threat","Risk Response","Inherent Risk","Current Risk","Countermeasure progress","Weakness tests","Countermeasure tests","Projected Risk","Owner","MITRE reference","STRIDE-LM" +"Router","Elevation of Privilege","Created by Rules Engine","Accessing functionality not properly constrained by ACLs","Planned mitigation: 0%. Mitigated: 0%. Unmitigated: 100%.","High","High","0%","Not tested","Not tested","High",,"CWE-284","Elevation of Privilege" +"API UX Authorization Management","Read or Post data","Created by Rules Engine","An adversary attempts to exploit an application by injecting additional, malicious content during its processing","Planned mitigation: 100%. Mitigated: 0%. Unmitigated: 0%.","Medium","Medium","0%","Not tested","Not tested","Very low",,"T1059", +"API BS Connection Interface Reporting","Read or Post data","Created by Rules Engine","An attacker crafts malicious web links and distributes them hoping to induce users to click on the link","Planned mitigation: 34%. Mitigated: 66%. Unmitigated: 0%.","High","Low","66%","Not tested","Not tested","Very low",,, +"app-srec-audit-events","Networking","Created by Rules Engine","Access to network traffic from other containers creates the potential for various types of attacks such as denial of service or spoofing attack","Planned mitigation: 0%. Mitigated: 100%. Unmitigated: 0%.","High","Very low","100%","Not tested","Not tested","Very low",,, +"API BS Service Provider","General","Created by Rules Engine","An attacker injects, manipulates or forges malicious log entries in the log file, allowing her to mislead a log audit, cover traces of attack, or perform other malicious actions","Planned mitigation: 100%. Mitigated: 0%. Unmitigated: 0%.","Medium","Medium","0%","Not tested","Not tested","Very low","John Smith",, +"Database Server","Data Storage","Created by Rules Engine","An attacker targets the database server to exfiltrate sensitive records","Planned mitigation: 0%. Mitigated: 0%. Unmitigated: 100%.","Critical","Critical","0%","Not tested","Not tested","Critical",,, +"Web Application Frontend","Input Validation","Created by Rules Engine","An attacker exploits insufficient input validation across multiple entry points in the web application frontend to inject malicious payloads that bypass security controls and propagate through downstream services including the API gateway, message queue processors, database abstraction layer, and caching infrastructure, potentially leading to remote code execution, privilege escalation, data exfiltration, cross-site scripting, server-side request forgery, and other attack vectors that compromise the confidentiality, integrity, and availability of the entire application stack and its associated microservices architecture","Planned mitigation: 50%. Mitigated: 25%. Unmitigated: 25%.","High","High","25%","Not tested","Not tested","Medium",,"CWE-20","Information Disclosure" diff --git a/unittests/scans/iriusrisk/no_vuln.csv b/unittests/scans/iriusrisk/no_vuln.csv new file mode 100644 index 00000000000..1e1565e6230 --- /dev/null +++ b/unittests/scans/iriusrisk/no_vuln.csv @@ -0,0 +1 @@ +"Component","Use case","Source","Threat","Risk Response","Inherent Risk","Current Risk","Countermeasure progress","Weakness tests","Countermeasure tests","Projected Risk","Owner","MITRE reference","STRIDE-LM" diff --git a/unittests/scans/iriusrisk/one_vuln.csv b/unittests/scans/iriusrisk/one_vuln.csv new file mode 100644 index 00000000000..39f6790681a --- /dev/null +++ b/unittests/scans/iriusrisk/one_vuln.csv @@ -0,0 +1,2 @@ +"Component","Use case","Source","Threat","Risk Response","Inherent Risk","Current Risk","Countermeasure progress","Weakness tests","Countermeasure tests","Projected Risk","Owner","MITRE reference","STRIDE-LM" +"Router","Elevation of Privilege","Created by Rules Engine","Accessing functionality not properly constrained by ACLs","Planned mitigation: 0%. Mitigated: 0%. Unmitigated: 100%.","High","High","0%","Not tested","Not tested","High",,, diff --git a/unittests/scans/orca_security/many_vulns.csv b/unittests/scans/orca_security/many_vulns.csv new file mode 100644 index 00000000000..d5267b8e760 --- /dev/null +++ b/unittests/scans/orca_security/many_vulns.csv @@ -0,0 +1,6 @@ +OrcaScore,Title,Category,Inventory,Inventory.Name,CloudAccount,CloudAccount.Name,Source,Status,CreatedAt,LastSeen,Labels +2.0,Low severity test finding,Best practices,1,ResourceA,1,account-dev,ResourceA,open,2025-01-01T08:00:00+00:00,2025-02-01T08:00:00+00:00,"[""CSPM""]" +5.1,Unused role with policy found,IAM misconfigurations,1,TestRole_abc123,1,account-test,TestRole_abc123,open,2025-01-15T10:30:00+00:00,2025-02-01T12:00:00+00:00,"[""CSPM"",""source: Orca Scan""]" +7.5,Public S3 bucket detected,Data at risk,1,my-public-bucket,1,account-prod,my-public-bucket,open,2025-02-01T14:00:00+00:00,2025-02-03T09:00:00+00:00,"[""CSPM"",""mitre: initial access""]" +9.5,Critical IAM root access key active,IAM misconfigurations,1,root,1,account-prod,root,open,2025-02-02T16:00:00+00:00,2025-02-03T16:00:00+00:00,"[""CSPM"",""critical""]" +0,Informational security note,Best practices,1,InfoResource,1,account-dev,InfoResource,closed,2024-12-01T00:00:00+00:00,2025-01-01T00:00:00+00:00,"[]" diff --git a/unittests/scans/orca_security/many_vulns.json b/unittests/scans/orca_security/many_vulns.json new file mode 100644 index 00000000000..85f75c5479e --- /dev/null +++ b/unittests/scans/orca_security/many_vulns.json @@ -0,0 +1,62 @@ +[ + { + "Title": "Low severity test finding", + "Labels": ["CSPM"], + "CreatedAt": "2025-01-01T08:00:00+00:00", + "Status": "open", + "Category": "Best practices", + "OrcaScore": 2.0, + "Source": "ResourceA", + "LastSeen": "2025-02-01T08:00:00+00:00", + "CloudAccount": {"Name": "account-dev"}, + "Inventory": {"Name": "ResourceA"} + }, + { + "Title": "Unused role with policy found", + "Labels": ["CSPM", "source: Orca Scan"], + "CreatedAt": "2025-01-15T10:30:00+00:00", + "Status": "open", + "Category": "IAM misconfigurations", + "OrcaScore": 5.1, + "Source": "TestRole_abc123", + "LastSeen": "2025-02-01T12:00:00+00:00", + "CloudAccount": {"Name": "account-test"}, + "Inventory": {"Name": "TestRole_abc123"} + }, + { + "Title": "Public S3 bucket detected", + "Labels": ["CSPM", "mitre: initial access"], + "CreatedAt": "2025-02-01T14:00:00+00:00", + "Status": "open", + "Category": "Data at risk", + "OrcaScore": 7.5, + "Source": "my-public-bucket", + "LastSeen": "2025-02-03T09:00:00+00:00", + "CloudAccount": {"Name": "account-prod"}, + "Inventory": {"Name": "my-public-bucket"} + }, + { + "Title": "Critical IAM root access key active", + "Labels": ["CSPM", "critical"], + "CreatedAt": "2025-02-02T16:00:00+00:00", + "Status": "open", + "Category": "IAM misconfigurations", + "OrcaScore": 9.5, + "Source": "root", + "LastSeen": "2025-02-03T16:00:00+00:00", + "CloudAccount": {"Name": "account-prod"}, + "Inventory": {"Name": "root"} + }, + { + "Title": "Informational security note", + "Labels": [], + "CreatedAt": "2024-12-01T00:00:00+00:00", + "Status": "closed", + "Category": "Best practices", + "OrcaScore": 0, + "Source": "InfoResource", + "LastSeen": "2025-01-01T00:00:00+00:00", + "CloudAccount": {"Name": "account-dev"}, + "Inventory": {"Name": "InfoResource"} + } +] diff --git a/unittests/scans/orca_security/no_vuln.csv b/unittests/scans/orca_security/no_vuln.csv new file mode 100644 index 00000000000..c00978d384e --- /dev/null +++ b/unittests/scans/orca_security/no_vuln.csv @@ -0,0 +1 @@ +OrcaScore,Title,Category,Inventory,Inventory.Name,CloudAccount,CloudAccount.Name,Source,Status,CreatedAt,LastSeen,Labels \ No newline at end of file diff --git a/unittests/scans/orca_security/no_vuln.json b/unittests/scans/orca_security/no_vuln.json new file mode 100644 index 00000000000..fe51488c706 --- /dev/null +++ b/unittests/scans/orca_security/no_vuln.json @@ -0,0 +1 @@ +[] diff --git a/unittests/scans/orca_security/one_vuln.csv b/unittests/scans/orca_security/one_vuln.csv new file mode 100644 index 00000000000..93e3ebf5705 --- /dev/null +++ b/unittests/scans/orca_security/one_vuln.csv @@ -0,0 +1,2 @@ +OrcaScore,Title,Category,Inventory,Inventory.Name,CloudAccount,CloudAccount.Name,Source,Status,CreatedAt,LastSeen,Labels +5.1,Unused role with policy found,IAM misconfigurations,1,TestRole_abc123,1,test-account,TestRole_abc123,open,2025-01-15T10:30:00+00:00,2025-02-01T12:00:00+00:00,"[""CSPM"",""source: Orca Scan""]" diff --git a/unittests/scans/orca_security/one_vuln.json b/unittests/scans/orca_security/one_vuln.json new file mode 100644 index 00000000000..9e134fe52af --- /dev/null +++ b/unittests/scans/orca_security/one_vuln.json @@ -0,0 +1,14 @@ +[ + { + "Title": "Unused role with policy found", + "Labels": ["CSPM", "source: Orca Scan"], + "CreatedAt": "2025-01-15T10:30:00+00:00", + "Status": "open", + "Category": "IAM misconfigurations", + "OrcaScore": 5.1, + "Source": "TestRole_abc123", + "LastSeen": "2025-02-01T12:00:00+00:00", + "CloudAccount": {"Name": "test-account"}, + "Inventory": {"Name": "TestRole_abc123"} + } +] diff --git a/unittests/scans/qualys/qualys_same_qid_different_ports.xml b/unittests/scans/qualys/qualys_same_qid_different_ports.xml new file mode 100644 index 00000000000..9e4c7fe29d1 --- /dev/null +++ b/unittests/scans/qualys/qualys_same_qid_different_ports.xml @@ -0,0 +1,68 @@ + + +
    + + + + + 192.168.1.1 + 192.168.1.1 + + + +
    + + + + 12345 + <![CDATA[Test Vulnerability]]> + 3 + + 2024-01-01T00:00:00Z + + + + + + + + 192.168.1.1 + IP + + + 2024-01-01T00:00:00Z + + + 12345 + Practice + 80 + false + + 2024-01-01T00:00:00Z + 2024-01-01T00:00:00Z + 1 + + + 12345 + Practice + 443 + true + + 2024-01-01T00:00:00Z + 2024-01-01T00:00:00Z + 1 + + + 12345 + Practice + 8080 + false + + 2024-01-01T00:00:00Z + 2024-01-01T00:00:00Z + 1 + + + + +     \ No newline at end of file diff --git a/unittests/test_false_positive_history_logic.py b/unittests/test_false_positive_history_logic.py index 564aff8f0c2..8748239bedd 100644 --- a/unittests/test_false_positive_history_logic.py +++ b/unittests/test_false_positive_history_logic.py @@ -1,9 +1,12 @@ import logging from datetime import datetime +from unittest.mock import patch from crum import impersonate from django.conf import settings +from dojo.finding.deduplication import do_false_positive_history_batch +from dojo.finding.views import EditFinding from dojo.location.models import Location, LocationFindingReference from dojo.models import ( Endpoint, @@ -1654,6 +1657,162 @@ def test_fp_history_different_legacy_different_product(self): self.assert_finding(find_created_before_mark_diff_severity, false_p=False, not_pk=22, not_product_id=2, title=find_22.title, not_severity=find_22.severity) self.assert_finding(find_created_after_mark_diff_severity, false_p=False, not_pk=22, not_product_id=2, title=find_22.title, not_severity=find_22.severity) + # -------------------------------------------------------------------- # + # Batch function tests # + # -------------------------------------------------------------------- # + + def test_fp_history_batch_issues_single_candidate_query(self): + """do_false_positive_history_batch must call the candidate-fetch helper once for the whole batch.""" + # Create two copies of finding 2 in the same test (hash_code algorithm). + find_a, _f = self.copy_and_reset_finding(find_id=2) + find_a.save() + find_b, _f = self.copy_and_reset_finding(find_id=2) + find_b.save() + + # Mark finding 2 as FP so the batch function has something to match against. + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.active = False + find_2.verified = False + find_2.save() + + batch = [Finding.objects.get(id=find_a.id), Finding.objects.get(id=find_b.id)] + + with patch("dojo.finding.deduplication._fetch_fp_candidates_for_batch", wraps=__import__("dojo.finding.deduplication", fromlist=["_fetch_fp_candidates_for_batch"])._fetch_fp_candidates_for_batch) as mock_fetch: + # 7 queries regardless of batch size: + # 1 System_Settings SELECT + # 4 lazy-load chain: findings[0].test / .engagement / .product / .test_type + # 1 candidates SELECT (with .only()) + # 1 bulk UPDATE + with self.assertNumQueries(7): + do_false_positive_history_batch(batch) + # One candidate-fetch call for the whole batch — not one per finding. + self.assertEqual(mock_fetch.call_count, 1, "Expected exactly one call to _fetch_fp_candidates_for_batch") + + # Functional check: both findings should now be marked as FP. + self.assert_finding(find_a, false_p=True) + self.assert_finding(find_b, false_p=True) + + def test_fp_history_batch_retroactive_marks_existing_active_fp(self): + """do_false_positive_history_batch retroactively marks pre-existing active findings as FP.""" + # Create a finding before the batch import so it pre-exists. + find_pre, _f = self.copy_and_reset_finding(find_id=2) + find_pre.save() + self.assert_finding(find_pre, false_p=False) + + # Simulate an incoming batch finding that already carries false_p=True + # (e.g. because the scanner reported it as a FP). + find_incoming, _f = self.copy_and_reset_finding(find_id=2) + find_incoming.false_p = True + find_incoming.active = False + find_incoming.save() + + batch = [Finding.objects.get(id=find_incoming.id)] + # 7 queries regardless of how many findings are retroactively marked: + # 1 System_Settings SELECT + # 4 lazy-load chain: findings[0].test / .engagement / .product / .test_type + # 1 candidates SELECT (with .only()) + # 1 bulk UPDATE + with self.assertNumQueries(7): + do_false_positive_history_batch(batch) + + # The pre-existing active finding must now be retroactively marked FP. + self.assert_finding(find_pre, false_p=True) + + def test_fp_history_batch_query_count_does_not_grow_with_affected_findings(self): + """ + Query count must stay flat (7) no matter how many findings are retroactively marked. + + With the old per-finding approach this would have been 7 + N queries where N is the + number of pre-existing findings that get marked as FP. With the batch approach it is + always 7: System_Settings, 4 lazy-load chain, candidates SELECT, one bulk UPDATE. + """ + NUM_PRE_EXISTING = 5 + + # Create several pre-existing active findings with the same hash_code. + pre_existing = [] + for _ in range(NUM_PRE_EXISTING): + find, _f = self.copy_and_reset_finding(find_id=2) + find.save() + pre_existing.append(find) + + # Incoming batch finding already carries false_p=True — triggers retroactive marking. + find_incoming, _f = self.copy_and_reset_finding(find_id=2) + find_incoming.false_p = True + find_incoming.active = False + find_incoming.save() + + batch = [Finding.objects.get(id=find_incoming.id)] + # 7 queries regardless of NUM_PRE_EXISTING: + # 1 System_Settings SELECT + # 4 lazy-load chain: findings[0].test / .engagement / .product / .test_type + # 1 candidates SELECT (with .only()) + # 1 bulk UPDATE covering all retroactively marked findings + with self.assertNumQueries(7): + do_false_positive_history_batch(batch) + + # All pre-existing findings must now be marked as FP. + for find in pre_existing: + self.assert_finding(find, false_p=True) + + # -------------------------------------------------------------------- # + # Single-finding edit: retroactive reactivation (was dead code pre-fix) # + # -------------------------------------------------------------------- # + + def test_process_false_positive_history_reactivation(self): + """EditFinding.process_false_positive_history reactivates FP matches when old_false_p=True.""" + # Set up a known-FP finding and a pre-existing match that is also FP. + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.active = False + find_2.verified = False + find_2.save() + + find_match, _f = self.copy_and_reset_finding(find_id=2) + find_match.false_p = True + find_match.active = False + find_match.verified = False + find_match.save() + + # Now simulate unmarking find_2 as FP (same as a user editing the finding). + find_2.false_p = False + find_2.active = True + find_2.verified = True + find_2.save() + + # old_false_p=True reflects the state BEFORE form.save(commit=False). + view = EditFinding() + view.process_false_positive_history(find_2, old_false_p=True) + + # The matching finding that was FP should now be reactivated. + find_match.refresh_from_db() + self.assertFalse(find_match.false_p) + self.assertEqual(find_match.active, find_2.active) + self.assertEqual(find_match.verified, find_2.verified) + + def test_process_false_positive_history_no_reactivation_without_old_false_p(self): + """EditFinding.process_false_positive_history must not reactivate when old_false_p is False.""" + find_2 = Finding.objects.get(id=2) + find_2.false_p = True + find_2.active = False + find_2.save() + + find_match, _f = self.copy_and_reset_finding(find_id=2) + find_match.false_p = True + find_match.active = False + find_match.save() + + find_2.false_p = False + find_2.active = True + find_2.save() + + view = EditFinding() + # old_false_p defaults to False — reactivation must NOT fire. + view.process_false_positive_history(find_2) + + find_match.refresh_from_db() + self.assertTrue(find_match.false_p, "Match should remain FP when old_false_p=False") + # --------------- # # Utility Methods # # --------------- # diff --git a/unittests/test_importers_performance.py b/unittests/test_importers_performance.py index ea3b3b79b40..665522c0de3 100644 --- a/unittests/test_importers_performance.py +++ b/unittests/test_importers_performance.py @@ -262,7 +262,7 @@ def _import_reimport_performance(self, expected_num_queries1, expected_num_async @override_settings(ENABLE_AUDITLOG=True) def test_import_reimport_reimport_performance_pghistory_async(self): """ - This test checks the performance of the importers when using django-pghistory with async enabled. + This test checks the performance of the importers when using django-pghistory and celery tasks in sync mode Query counts will need to be determined by running the test initially. """ configure_audit_system() @@ -280,7 +280,7 @@ def test_import_reimport_reimport_performance_pghistory_async(self): @override_settings(ENABLE_AUDITLOG=True) def test_import_reimport_reimport_performance_pghistory_no_async(self): """ - This test checks the performance of the importers when using django-pghistory with async disabled. + This test checks the performance of the importers when using django-pghistory and celery tasks in sync mode. Query counts will need to be determined by running the test initially. """ configure_audit_system() @@ -446,7 +446,7 @@ def test_deduplication_performance_pghistory_async(self): @override_settings(ENABLE_AUDITLOG=True) def test_deduplication_performance_pghistory_no_async(self): - """Test deduplication performance with django-pghistory and async tasks disabled.""" + """Test deduplication performance with django-pghistory and celery tasks in sync mode.""" configure_audit_system() configure_pghistory_triggers() @@ -460,7 +460,7 @@ def test_deduplication_performance_pghistory_no_async(self): self._deduplication_performance( expected_num_queries1=271, expected_num_async_tasks1=7, - expected_num_queries2=236, + expected_num_queries2=183, expected_num_async_tasks2=7, ) @@ -520,7 +520,7 @@ def test_import_reimport_reimport_performance_pghistory_async(self): configure_pghistory_triggers() self._import_reimport_performance( - expected_num_queries1=1225, + expected_num_queries1=1191, expected_num_async_tasks1=6, expected_num_queries2=716, expected_num_async_tasks2=17, @@ -542,7 +542,7 @@ def test_import_reimport_reimport_performance_pghistory_no_async(self): testuser.usercontactinfo.save() self._import_reimport_performance( - expected_num_queries1=1234, + expected_num_queries1=1200, expected_num_async_tasks1=6, expected_num_queries2=725, expected_num_async_tasks2=17, @@ -565,7 +565,7 @@ def test_import_reimport_reimport_performance_pghistory_no_async_with_product_gr self.system_settings(enable_product_grade=True) self._import_reimport_performance( - expected_num_queries1=1244, + expected_num_queries1=1210, expected_num_async_tasks1=8, expected_num_queries2=735, expected_num_async_tasks2=19, @@ -663,7 +663,7 @@ def test_deduplication_performance_pghistory_async(self): self.system_settings(enable_deduplication=True) self._deduplication_performance( - expected_num_queries1=1445, + expected_num_queries1=1411, expected_num_async_tasks1=7, expected_num_queries2=1016, expected_num_async_tasks2=7, @@ -683,8 +683,8 @@ def test_deduplication_performance_pghistory_no_async(self): testuser.usercontactinfo.save() self._deduplication_performance( - expected_num_queries1=1454, + expected_num_queries1=1420, expected_num_async_tasks1=7, - expected_num_queries2=1185, + expected_num_queries2=1132, expected_num_async_tasks2=7, ) diff --git a/unittests/test_rest_framework.py b/unittests/test_rest_framework.py index 10b07ee0a98..c73f2fdc025 100644 --- a/unittests/test_rest_framework.py +++ b/unittests/test_rest_framework.py @@ -1011,7 +1011,38 @@ def test_close_finding_pushes_note_to_jira_when_configured(self): } response = self.client.post(self._close_url(finding.id), payload, format="json") self.assertEqual(200, response.status_code, response.content[:1000]) - self.assertTrue(add_comment_mock.called) + self.assertTrue(add_comment_mock.called) + + +@versioned_fixtures +class FindingVerifyAPITest(DojoAPITestCase): + fixtures = ["dojo_testdata.json"] + + def setUp(self): + testuser = User.objects.get(username="admin") + token = Token.objects.get(user=testuser) + self.client = APIClient() + self.client.credentials(HTTP_AUTHORIZATION=f"Token {token.key}") + self.admin = testuser + + def _verify_url(self, finding_id: int) -> str: + return f"/api/v2/findings/{finding_id}/verify/" + + def test_verify_finding_basic(self): + finding = Finding.objects.get(id=7) + response = self.client.post(self._verify_url(finding.id), {"note": "Marked verified"}, format="json") + self.assertEqual(200, response.status_code, response.content[:1000]) + + finding.refresh_from_db() + self.assertTrue(finding.verified) + self.assertEqual(finding.last_reviewed_by, self.admin) + self.assertTrue(finding.notes.filter(entry__icontains="Marked verified").exists()) + + def test_verify_finding_invalid_payload(self): + finding = Finding.objects.get(id=7) + # note_type specified but invalid id + response = self.client.post(self._verify_url(finding.id), {"note_type": 9999}, format="json") + self.assertEqual(400, response.status_code, response.content[:1000]) @versioned_fixtures diff --git a/unittests/tools/test_awssecurityhub_parser.py b/unittests/tools/test_awssecurityhub_parser.py index cbca268841d..c91e9bf3e7a 100644 --- a/unittests/tools/test_awssecurityhub_parser.py +++ b/unittests/tools/test_awssecurityhub_parser.py @@ -72,6 +72,10 @@ def test_inspector_ec2(self): self.assertEqual(1, len(finding.unsaved_vulnerability_ids)) self.assertEqual("CVE-2022-3643", finding.unsaved_vulnerability_ids[0]) self.assertEqual("- Update kernel-4.14.301\n\t- yum update kernel\n", finding.mitigation) + # Verify CVSS v3 extraction via parse_cvss_data helper + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", finding.cvssv3) + self.assertIn("CVSS v3 vector:", finding.severity_justification) + self.assertIn("AWS severity: CRITICAL", finding.severity_justification) location = self.get_unsaved_locations(finding)[0] self.assertEqual("AwsEc2Instance_arn_aws_ec2_us-east-1_XXXXXXXXXXXX_i-11111111111111111".lower(), location.host.lower()) @@ -97,6 +101,8 @@ def test_inspector_ec2_ghsa(self): self.assertIn("GHSA-p98r-538v-jgw5", finding.title) self.assertSetEqual({"CVE-2023-34256", "GHSA-p98r-538v-jgw5"}, set(finding.unsaved_vulnerability_ids)) self.assertEqual("https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-p98r-538v-jgw5", finding.references) + # Verify backward compatibility: no CVSS data in this fixture + self.assertIsNone(finding.cvssv3) location = self.get_unsaved_locations(finding)[0] self.assertEqual("AwsEc2Instance_arn_aws_ec2_eu-central-1_012345678912_instance_i-07c11cc535d830123".lower(), location.host.lower()) @@ -115,6 +121,8 @@ def test_inspector_ecr(self): self.assertIn("repo-os/sha256:af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74", finding.impact) self.assertIn("Repository: repo-os", finding.impact) self.assertEqual(0.0014, finding.epss_score) + # Verify CVSS v3 extraction from the ECR fixture + self.assertEqual("CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", finding.cvssv3) location = self.get_unsaved_locations(finding)[0] self.assertEqual("AwsEcrContainerImage_arn_aws_ecr_eu-central-1_123456789012_repository_repo-os_sha256_af965ef68c78374a5f987fce98c0ddfa45801df2395bf012c50b863e65978d74".lower(), location.host.lower()) diff --git a/unittests/tools/test_dependency_track_parser.py b/unittests/tools/test_dependency_track_parser.py index b4fb2156af5..126051864b7 100644 --- a/unittests/tools/test_dependency_track_parser.py +++ b/unittests/tools/test_dependency_track_parser.py @@ -1,3 +1,5 @@ +from datetime import date + from dojo.models import Test from dojo.tools.dependency_track.parser import DependencyTrackParser from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path @@ -60,6 +62,17 @@ def test_dependency_track_parser_has_one_finding(self): "ca4f2da9-0fad-4a13-92d7-f627f3168a56:b815b581-fec1-4374-a871-68862a8f8d52:115b80bb-46c4-41d1-9f10-8a175d4abb46", findings[0].unique_id_from_tool, ) + self.assertEqual( + "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + findings[0].cvssv3, + ) + self.assertEqual( + "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", + findings[0].cvssv4, + ) + self.assertIn("https://example.com", findings[0].references) + self.assertIn("https://example.org", findings[0].references) + self.assertEqual(date(2025, 7, 11), findings[0].publish_date) def test_dependency_track_parser_v3_8_0(self): with ( diff --git a/unittests/tools/test_iriusrisk_parser.py b/unittests/tools/test_iriusrisk_parser.py new file mode 100644 index 00000000000..1c0080a3f6c --- /dev/null +++ b/unittests/tools/test_iriusrisk_parser.py @@ -0,0 +1,148 @@ +from dojo.models import Test +from dojo.tools.iriusrisk.parser import IriusriskParser +from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path + + +class TestIriusriskParser(DojoTestCase): + + def test_parse_no_findings(self): + with (get_unit_tests_scans_path("iriusrisk") / "no_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_one_finding(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + + def test_parse_many_findings(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(7, len(findings)) + + def test_finding_severity_high(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual("High", findings[0].severity) + + def test_finding_severity_medium(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual("Medium", findings[1].severity) + + def test_finding_severity_low(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual("Low", findings[2].severity) + + def test_finding_severity_very_low_maps_to_info(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual("Info", findings[3].severity) + + def test_finding_severity_critical(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + # Row 6 (index 5) has Current Risk = "Critical" + self.assertEqual("Critical", findings[5].severity) + + def test_finding_title_truncated_at_500_chars(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + # Row 7 (index 6) has a threat longer than 500 characters + self.assertLessEqual(len(findings[6].title), 500) + self.assertTrue(findings[6].title.endswith("...")) + + def test_finding_title_not_truncated_when_short(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual("Accessing functionality not properly constrained by ACLs", findings[0].title) + + def test_finding_component_name(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual("Router", findings[0].component_name) + + def test_finding_description_contains_all_fields(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + desc = findings[0].description + self.assertIn("Accessing functionality not properly constrained by ACLs", desc) + self.assertIn("Router", desc) + self.assertIn("Elevation of Privilege", desc) + self.assertIn("Created by Rules Engine", desc) + self.assertIn("High", desc) + + def test_finding_mitigation(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual( + "Planned mitigation: 0%. Mitigated: 0%. Unmitigated: 100%.", + findings[0].mitigation, + ) + + def test_finding_active_when_risk_not_very_low(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertTrue(findings[0].active) + + def test_finding_inactive_when_very_low(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertFalse(findings[3].active) + + def test_finding_static_finding(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertFalse(findings[0].static_finding) + self.assertFalse(findings[0].dynamic_finding) + + def test_finding_with_owner(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertIn("John Smith", findings[4].description) + + def test_finding_with_empty_owner(self): + with (get_unit_tests_scans_path("iriusrisk") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + self.assertNotIn("None", findings[0].description) + + def test_finding_cwe_from_mitre_reference(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + # Row 1 (index 0) has MITRE reference = "CWE-284" + self.assertEqual(284, findings[0].cwe) + + def test_finding_references_from_mitre_reference(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + # Row 2 (index 1) has MITRE reference = "T1059" (not a CWE) + self.assertEqual("T1059", findings[1].references) + + def test_finding_stride_lm_in_description(self): + with (get_unit_tests_scans_path("iriusrisk") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = IriusriskParser() + findings = parser.get_findings(testfile, Test()) + # Row 1 (index 0) has STRIDE-LM = "Elevation of Privilege" + self.assertIn("STRIDE-LM", findings[0].description) + self.assertIn("Elevation of Privilege", findings[0].description) diff --git a/unittests/tools/test_orca_security_parser.py b/unittests/tools/test_orca_security_parser.py new file mode 100644 index 00000000000..95d3ac9c472 --- /dev/null +++ b/unittests/tools/test_orca_security_parser.py @@ -0,0 +1,107 @@ +from dojo.models import Test +from dojo.tools.orca_security.parser import OrcaSecurityParser +from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path + + +class TestOrcaSecurityParser(DojoTestCase): + + # --- CSV Tests --- + + def test_parse_csv_no_findings(self): + with (get_unit_tests_scans_path("orca_security") / "no_vuln.csv").open(encoding="utf-8") as testfile: + parser = OrcaSecurityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_csv_one_finding(self): + with (get_unit_tests_scans_path("orca_security") / "one_vuln.csv").open(encoding="utf-8") as testfile: + parser = OrcaSecurityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Unused role with policy found", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertTrue(finding.active) + self.assertTrue(finding.static_finding) + self.assertFalse(finding.dynamic_finding) + self.assertEqual("TestRole_abc123", finding.component_name) + self.assertEqual("TestRole_abc123", finding.service) + self.assertEqual("OrcaScore: 5.1", finding.severity_justification) + self.assertIn("IAM misconfigurations", finding.description) + self.assertEqual(["CSPM", "source: Orca Scan"], finding.unsaved_tags) + + def test_parse_csv_many_findings(self): + with (get_unit_tests_scans_path("orca_security") / "many_vulns.csv").open(encoding="utf-8") as testfile: + parser = OrcaSecurityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(5, len(findings)) + + # Check severity mapping across all levels + severities = [f.severity for f in findings] + self.assertIn("Low", severities) + self.assertIn("Medium", severities) + self.assertIn("High", severities) + self.assertIn("Critical", severities) + self.assertIn("Info", severities) + + # Check inactive finding (last one, status=closed) + closed_finding = findings[4] + self.assertFalse(closed_finding.active) + self.assertEqual("Info", closed_finding.severity) + + # --- JSON Tests --- + + def test_parse_json_no_findings(self): + with (get_unit_tests_scans_path("orca_security") / "no_vuln.json").open(encoding="utf-8") as testfile: + parser = OrcaSecurityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(0, len(findings)) + + def test_parse_json_one_finding(self): + with (get_unit_tests_scans_path("orca_security") / "one_vuln.json").open(encoding="utf-8") as testfile: + parser = OrcaSecurityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(1, len(findings)) + finding = findings[0] + self.assertEqual("Unused role with policy found", finding.title) + self.assertEqual("Medium", finding.severity) + self.assertTrue(finding.active) + self.assertTrue(finding.static_finding) + self.assertFalse(finding.dynamic_finding) + self.assertEqual("TestRole_abc123", finding.component_name) + self.assertEqual("TestRole_abc123", finding.service) + self.assertEqual("OrcaScore: 5.1", finding.severity_justification) + self.assertIn("IAM misconfigurations", finding.description) + self.assertEqual(["CSPM", "source: Orca Scan"], finding.unsaved_tags) + + def test_parse_json_many_findings(self): + with (get_unit_tests_scans_path("orca_security") / "many_vulns.json").open(encoding="utf-8") as testfile: + parser = OrcaSecurityParser() + findings = parser.get_findings(testfile, Test()) + self.assertEqual(5, len(findings)) + + # Check severity mapping across all levels + severities = [f.severity for f in findings] + self.assertIn("Low", severities) + self.assertIn("Medium", severities) + self.assertIn("High", severities) + self.assertIn("Critical", severities) + self.assertIn("Info", severities) + + # Check inactive finding (last one, status=closed) + closed_finding = findings[4] + self.assertFalse(closed_finding.active) + self.assertEqual("Info", closed_finding.severity) + + # --- Cross-format consistency tests --- + + def test_date_is_parsed(self): + """CreatedAt should be parsed into a date object.""" + with (get_unit_tests_scans_path("orca_security") / "one_vuln.json").open(encoding="utf-8") as testfile: + parser = OrcaSecurityParser() + findings = parser.get_findings(testfile, Test()) + finding = findings[0] + self.assertIsNotNone(finding.date) + self.assertEqual(2025, finding.date.year) + self.assertEqual(1, finding.date.month) + self.assertEqual(15, finding.date.day) diff --git a/unittests/tools/test_qualys_parser.py b/unittests/tools/test_qualys_parser.py index 060b6b9fcc0..e8e6d838a78 100644 --- a/unittests/tools/test_qualys_parser.py +++ b/unittests/tools/test_qualys_parser.py @@ -239,3 +239,29 @@ def test_get_severity(self): } self.assertEqual(expected_counts, counts) + + def test_parse_file_same_qid_different_ports_has_separate_endpoints(self): + """Test that findings with same QID but different ports get separate endpoints. + Regression test for https://github.com/DefectDojo/django-DefectDojo/issues/13682 + """ + with ( + get_unit_tests_scans_path("qualys") / "qualys_same_qid_different_ports.xml").open(encoding="utf-8", + ) as testfile: + parser = QualysParser() + findings = parser.get_findings(testfile, Test()) + self.validate_locations(findings) + # Same QID on 3 different ports should produce 3 separate findings + self.assertEqual(3, len(findings)) + # All findings should have the same title (QID unchanged) + for finding in findings: + self.assertEqual(finding.title, "QID-12345 | Test Vulnerability") + # Each finding should have a different port on its endpoint + ports = set() + for finding in findings: + locations = self.get_unsaved_locations(finding) + self.assertEqual(1, len(locations)) + self.assertEqual(locations[0].host, "testhost.example.com") + ports.add(locations[0].port) + # All 3 ports should be present + self.assertEqual({80, 443, 8080}, ports) + diff --git a/wsgi.py b/wsgi.py deleted file mode 100644 index 19f8d609d0b..00000000000 --- a/wsgi.py +++ /dev/null @@ -1,35 +0,0 @@ -""" -WSGI config for dojo project. - -This module contains the WSGI application used by Django's development server -and any production WSGI deployments. It should expose a module-level variable -named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover -this application via the ``WSGI_APPLICATION`` setting. - -Usually you will have the standard Django WSGI application here, but it also -might make sense to replace the whole Django WSGI application with a custom one -that later delegates to the Django one. For example, you could introduce WSGI -middleware here, or combine a Django application with an application of another -framework. - -""" -import os - -from django.core.wsgi import get_wsgi_application -from django.urls import get_resolver - -from dojo.settings.settings import ROOT_URLCONF - -# We defer to a DJANGO_SETTINGS_MODULE already in the environment. This breaks -# if running multiple sites in the same mod_wsgi process. To fix this, use -# mod_wsgi daemon mode with each site in its own daemon process, or use -# os.environ["DJANGO_SETTINGS_MODULE"] = "dojo.settings" -os.environ.setdefault("DJANGO_SETTINGS_MODULE", "dojo.settings.settings") - -# This application object is used by any WSGI server configured to use this -# file. This includes Django's development server, if the WSGI_APPLICATION -# setting points here. -application = get_wsgi_application() - -# Preload the application code by preloading the URLs configuration -get_resolver(ROOT_URLCONF).url_patterns # noqa: B018